The Protiviti View  | Insights From Our Experts on Trends, Risks and Opportunities

The Protiviti View

Insights From Our Experts on Trends, Risks and Opportunities
Search

POST

2 mins to read

Is your refrigerator running? Yes it is, and it’s flooding the Internet!

Scott Laliberte

Managing Director

Views
Understand the GDPR legitimate interest vs. consent dilemma
Larger Font
2 minutes to read

The distributed denial of service (DDOS) attack on October 21 offered a new twist on an old trick that should cause us to pause and pay attention. DDOS attacks are nothing new. They became popular in the late 90s, when all of us security experts were busy trying to figure out how to combat them. At the time, the attackers were taking advantage of outdated and unpatched operating systems of home users and small businesses, using them as “zombies” – devices attackers can compromise and use to attack other devices. Operating system vendors responded to the rash of DDOS attacks by creating operating systems that were more difficult to hack and easier for end users to patch and update. The “arms race” between manufacturers and hackers has been going on ever since.

While end-user machines are still easy targets for phishing, malware and other types of attacks, internet of things (IoT) devices have opened up a whole new opportunity for hackers. Layer on this opportunity an attractive sci-fi scenario of an army of rebellious home appliances bringing down some of the biggest businesses on the Internet, and you have provided plenty of motivation for hackers to take that route.

IoT devices represent advances in technology that are beginning to change our way of life, in many ways for the better. However, IoT will bring new risks, in addition to new opportunities.

This caution was well placed. From a security perspective, the IoT presents a new attack vector that manufacturers of connected devices must take seriously. Some IoT manufacturers have expressed a cavalier attitude toward the possibility of their devices being hacked. In conversations, I often hear that “if an IoT device is hacked, only a handful of users will be affected and the impact to the business would be minimal.” Unfortunately, this position does not take into account the manufacturers’ responsibility to the rest of the internet to make sure these devices are properly protected so they cannot be used as weapons to attack other legitimate businesses on the internet.

Internet of Things (IoT) technologies are relatively new, of course, and many organizations are still figuring out how to ensure their security, but manufacturers must be the first to step up to build protections into the product’s life cycle. Consumers must demand this as well and be willing to pay for the additional costs that accompany these proper levels of protection.

Online businesses, for their part, must recognize the DDOS threat is real and will not go away. They must consider the potential impact to their businesses and design appropriate protections commensurate with the risk of IoT. Multiple on-premise and cloud-based solutions exist today to help combat DDOS attacks.

Here is my prediction: This month’s news item is just one of many more to come. I think this most recent round was a message from attackers, saying they can bring down even the biggest players using the most ordinary of home electronic devices, should they so desire. I fully expect to see an increase in ransom and protection payment demands in the coming weeks. So the challenge is on. Is your company ready? Share your thoughts in the comments.

Was this post helpful to you?

Thanks for your feedback!

Subscribe to The Protiviti View Blog

To face the future confidently, you need to be equipped with valuable insights that align with your interests and business goals.

In this Article

Find a similar post by topics

Authors

Scott Laliberte

By Scott Laliberte

Verified Expert at Protiviti

Scott is the Global Leader of Protiviti’s Emerging Technology Group. Scott and his team enable clients to leverage...

EXPERTISE

No noise.
Just insights.

Subscribe now

Related posts

Article

What is it about

What you need to know: Aging systems, data silos, regulatory pressures and talent gaps complicate enterprise transformation for public utilities....

Article

What is it about

The top priority for healthcare internal auditors this year is cybersecurity, according to a survey by Protiviti and the Association...

Article

What is it about

The big picture: C-suite leaders in traditional aerospace and defense (A&D) companies are launching and growing their aftermarket services and...

Search