Will 2017 Be The Year Of DDoS?

Forrester Research sees a rough year ahead for cyber security. Indeed, targeted espionage, ransomware, denial of service, privacy breaches and more are expected to escalate in 2017. In addition, Forrester Researcher analysts predict that more than 500,000 Internet of Things (IoT) devices will be compromised in 2017.

Perhaps not surprisingly, IDC analyst Kevin Lonergan recently warned that IoT equipment suppliers must begin implementing effective device security.

“Attackers can easily gain access to these devices via unchanged default passwords and vulnerabilities in outdated firmware,” he noted in a statement quoted by The Register. “This problem is only going to get worse as connectivity is added to traditionally unconnected devices such as home appliances, cars, etc., by vendors who have little experience with creating secure code.”

DDoS attacks are frequently executed by botnets comprising vast numbers of exploited IoT devices. Protecting Internet infrastructure companies and services from DDoS attacks can be quite challenging, as it is often difficult to shield the IP layer from a concerted cyber offensive. However, it is important to point out that the impact of DDoS attacks can be significantly mitigated by securing vulnerable IoT endpoints. To be sure, secured IoT endpoints act as a critical bulwark against nefarious botnets that exploit and recruit hundreds of thousands of defenseless “zombie” devices.

It should also be noted that manufacturers who have their devices exploited by botnets do incur very real losses, including recalls and a badly damaged reputation. Moreover, a recent federal commission report on Enhancing National Cybsersecurity recommended that the U.S. Department of Justice (DoJ) lead an interagency study with the Departments of Commerce and Homeland Security and work with the Federal Trade Commission, the Consumer Product Safety Commission and private-sector parties to assess the current state of the law with regard to liability for harm caused by faulty IoT devices.

“To the extent that the law does not provide appropriate incentives for companies to design security into their products, and does not offer protections for those that do, the President should draw on these recommendations to present Congress with a legislative proposal to address identified gaps, as well as explore actions that could be accomplished through executive order,” the report stated.

Although IoT security has frequently been treated as a tertiary afterthought rather than a primary design parameter, the above-mentioned federal commission report, along with the “Strategic Principles for Securing the Internet of Things” recently outlined by the U.S. Department of Homeland Security (DHS) could signal a shift for the burgeoning IoT market. Put simply, vulnerable IoT devices cannot be pushed to market with little regard for security, as they pose a direct and very real threat to providers, services and individuals.