Former US President Barack Obama famously stated that cyber-security was one of the most serious economic and national security challenges that the US faced as a nation. And it is an issue that has continued to grow. Even as many organisations implement processes to identify IT security risks and develop strategies to mitigate those risks, there remains widespread and growing concern worldwide. And we can see this in our daily lives.
While it might just feel that barely a week goes by before we see reports of yet another cyber-attack, this perception is, in fact, based on real world evidence. Both the number and scope of cyber-attacks are increasing at an incredible rate. It is estimated that people in the UK are now 20 times more likely to be robbed via their computer than mugged on the street. Private citizens are not alone. Corporations, governments and all manner of organisations can also be vulnerable to criminal cyber-activity.
A growing concern for people and organisations alike is the ever-increasing number of IP-enabled devices being connected to our networks. Our increased interconnection, particularly through the Internet of Things (IoT), means that just one improperly secured device can provide access to any number of the systems that could potentially contain private, sensitive and valuable information. And the impact can be extensive.
The increasing scope of criminal cyber-activity
Last October, a Distributed Denial of Service (DDoS) attack disrupted, among others, Twitter, Reddit, The Guardian, Netflix and CNN. It was executed using a Mirai botnet that recruited IoT devices, including thermostats, fridges, cameras and DVR recorders, and then unleashed torrent traffic so as to bombard servers and websites with enough requests to collapse them.
This particular attack targeted systems operated by Domain Name System (DNS) provider Dyn. Currently regarded as the largest of its kind, the attack is said to have been a sustained assault for an entire day and had a strength of 1.2 Tbps. It was more than twice as powerful as any other attack on record.
Following the attack, Dyn released a statement, which said that the company had observed tens-of-millions of discrete IP addresses associated with the Mirai botnet. And, when it was revealed that some of its devices were involved in the attack, the Chinese manufacturer Hangzhou Xiongmai issued a product recall for its webcams in the US.
Given the increased efficiency, accessibility and convenience that the IoT provides, it is unlikely that individuals or organisations will move away from it. In fact, as we move forward, it is likely that our devices and systems will become even more connected. So, the question now is, how can we protect our networks and ourselves?
How we can protect our networks and ourselves
Cyber-security can no longer be an afterthought or something added on top of an existing product. We all need to be confident that our systems are secure from both a physical and a cyber perspective. To build this confidence, organisations should be working with companies and vendors that have a clear vision that includes baking cyber-security into their products. Today's solutions must allow us to take steps to maintain and improve network security, particularly as the IoT expands. These steps include authentication, authorisation and encryption.
Through the process of authentication, organisations can determine if an entity—user, server, or client app—is who it claims to be and then verify if and how that entity is allowed to access a system. Authorisation allows administrators within an organisation to restrict the scope of activity within their system by giving access rights to groups or individuals for resources, data or applications and by defining what users can do with these resources. And encryption protects an organisation's information and data by using an algorithm to translate plaintext or readable text into ciphertext or unreadable text.
By protecting access and communication, we can all work towards ensuring that our systems and networks are secure as the world continues to embrace the IoT. This will allow us to mitigate the risks as we reap the benefits of increased connectivity.
Contributed by Mathieu Chevalier, security architect, Genetec Inc.
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.