No cyber attack is any more ideal or any less of an inconvenience than another. In other words, companies don't exactly have a preference on which attack they are struck by – each threat is as disruptive and frustrating as the next. However, I don't think it'd be totally absurd to suggest that distributed denial-of-service attacks are among the very worst threats in today's landscape. This can be attributed to a number of things. Firstly, it's the kind of threat that embroils all business processes on the company network. For many organisations, this means the entire business comes to a halt when struck. Unfortunately, downtime can cause significant long-term damage for any brand, particularly in time, money, and reputation. Thus, in the threat portfolio, DDoS is one that requires special attention so as to not have your business run into the ground by a malicious actor. Worse still, the DDoS attack growth rate is alarming. Worryingly, in 2019, more companies succumbed to the threat than ever. Fuelling it is the fact that DDoS attacks are relatively cheap to carry out, with the potential for great return. However, another factor making DDoS increasingly ubiquitous is the Internet of Things (IoT). Industries globally are taking great strides in adopting IoT, creating a more connected environment in every arena. As a result, we will enjoy improved communication, better device monitoring, more insight into our wellness, and much more. While efforts for a more IoT-enabled future will continue, the surge in connected devices will widen the attack surface beyond comprehension. In turn, IoT creates a hotbed for DDoS to thrive.
I predict a (r)IoT
DDoS opportunists are already exploiting the business environment in whatever ways they can, and IoT devices will be no exception to the rule. Thus, organisations must make a simultaneous effort to embrace IoT, but securely. IoT devices are already accountable for the annual significant increase in DDoS attacks. If historical data is anything to go by, this is likely to keep rising. Today, organisations need robust DDoS defence systems and strategies. When selecting a solution, companies should seek out those that offer real-time mitigation. This is because with DDoS, every second counts to avoid or minimise downtime. As seen with companies struck before, there is a perfect positive correlation between overall downtime and what it costs the business. Thus, by having an instantaneous solution, companies can quash the ill effects of a DDoS attack as best as possible. What's more, companies should exercise fuzz testing to ensure the robustness of their software. Of course, organisations can therefore also use it to identify their weaknesses. Fuzz testing is nothing new, but it is particularly effective for organisations exploring their unique DDoS mitigation needs. However, much of the threat mitigation will come down to education and prescribed best practices. From the initial setup, organisations should configure devices securely through unique IDs and passwords. In particular, steer clear of default settings and passwords so as to make infiltration more complex. DDoS attacks aren't going anywhere, nor are IoT devices. However, if organisations follow best practices and keep up with emerging IoT threats, they can make the most out of the connected future.
Enjoy this article? Check out our CxO of the Week, Howie Liu at Airtable.