Cyber crime and the weaponisation of IoT
2016 seems to have been the year of the IoT botnet. Currently, various organisations estimate that there are between six and 12 billion IoT devices out there, and this number is expected to grow beyond 20 billion by 2020.
IoT devices, by their very nature, have to be easy to deploy and use and this can mean they get very little consideration from their users when it comes to security. Fundamentally, IoT devices are small computers that in some cases are directly connected to the Internet without firewalls. How many of us would plug our laptop into the open Internet without any security enabled, or any patches installed on top of the original operating system and applications? Not many, but some people don’t think about IoT devices in the same way.
The sheer number of IoT devices now available, and their lack of security features, makes them an ideal target for attackers looking to build out botnets. IoT botnets are nothing new, they have been with us for a few years, but last year saw a massive increase in the recruitment of IoT devices by bad-actors around the world. And, we all know what happened next; large scale botnets were built and weaponised so that they could be used to launch DDoS attacks.
Distributed Denial of Service (DDoS) attacks are attacks that target the availability of an Internet connected service, application or business. Last year IoT botnets were responsible for sustained 540Gbps attacks against organisations affiliated with an international sporting event in Brazil in August; attacks against security journalist Brian Krebs in September, which peaked at 620Gbps; and high-profile DDoS attacks against authoritative DNS provider Dyn in November. The Krebs and Dyn attacks both received significant media coverage due to their effectiveness and persistence. The large international sporting event did not because it was effectively dealt with by the service providers involved.
More devices means more attacks
The DDoS attacks from IoT botnets contributed to the strong growth in the scale, frequency and complexity of DDoS attacks last year. According to Arbor Networks’ most recent Worldwide Infrastructure Security Report peak DDoS attacks sizes have grown rapidly, with a CAGR of 68percent over the past five years. Average attack sizes also grew by 23percent just in 2016, and there was a big jump in the proportion of organisations seeing the most complex multi-vector attacks last year. As more organisations become dependent on Internet connectivity, data and application services for day-to-day business continuity DDoS represents a significant risk. This is being addressed by many businesses and the same study also shows that 66percent of enterprises are now factoring the DDoS threat into their business risk management processes, so that it gets the right focus.
Mitigating the IoT and DDoS threat
Even if all IoT vendors suddenly decided to harden their devices and implement proper security measures many devices would never be patched or upgraded. Going forward better security within IoT devices is a must, but businesses and individuals need to be protected from those that are out there today.
The first thing we should do is prevent our devices being leveraged by attackers. Individuals and businesses should implement best practice, segmenting their networks and putting appropriate access restrictions in place so that IoT devices can only communicate with relevant services and users. Default passwords should be changed and where possible the latest firmware updates installed to remove vulnerabilities. Monitoring should also be put in place so that unusual network activity can be identified and investigated quickly.
The above will ensure that our own devices are not a part of the current problem, but we should also ensure that we have the appropriate services and solutions in place to protect the availability of our Internet connectivity from DDoS attack. Layered protection, incorporating a network perimeter component and a cloud / service-provider based services is best-practice and can defeat DDoS attacks, maintaining connectivity and service availability – protecting business continuity.
Future of IoT devices
The use of IoT devices to launch DDoS attacks is nothing new, it is the scale of the problem now that has brought this to the mainstream. IoT devices need to be engineered with better security in mind, and purchasers of these devices need to insist on this. What we have seen thus far is one kind of threat from IoT – but there will be others. Malware that hunts for IoT devices inside our networks already exists, allowing a compromised PC to spread an infection onto IoT devices that may not be accessible from the Internet. We are just beginning to see the impact IoT will have on security.
By Darren Anstee, Chief Security Technologist at Arbor Networks
Automation of repetitive tasks leads to higher value work
Two-thirds of global office workers feel they are constantly doing the same tasks over and over again. That’s according to a new study (2021 Office Worker Survey) from automation software company UiPath.
Whether emailing, inputting data, or scheduling calls and meetings, the majority of those surveyed said they waste on average four and a half hours a week on time-consuming tasks that they think could be automated.
Not only is the undertaking of such repetitious and mundane tasks a waste of time for employees, and therefore for businesses, but it can also have a negative impact on employees’ motivation and productivity. And the research backs this up with more than half (58%) of those surveyed saying that undertaking such repetitive tasks doesn’t allow them to be as creative as they’d like to be.
“When repetitive, unrewarding tasks are handled by people, it takes time and this can cause delays and reduce both employee and customer satisfaction,” Gavin Mee, Managing Director of UiPath Northern Europe tells Business Chief. “Repetitive tasks can also be tedious, which often leads to stress and an increased likelihood to leave a job.”
And these tasks exist at all levels within an organisation, right up to executive level, where there are “small daily tasks that can be automated, such as scheduling, logging onto systems and creating reports”, adds Mee.
Automation can free employees to focus on higher value work
By automating some or all of these repetitive tasks, employees at whatever level of the organisation are freed up to focus on meaningful work that is creative, collaborative and strategic, something that will not only help them feel more engaged, but also benefit the organisation.
“Automation can free people to do more engaging, rewarding and higher value work,” says Mee, highlighting that 68% of global workers believe automation will make them more productive and 60% of executives agree that automation will enable people to focus on more strategic work. “Importantly, 57% of executives also say that automation increases employee engagement, all important factors to achieving business objectives.”
These aren’t the only benefits, however. One of the problems with employees doing some of these repetitive tasks manually is that “people are fallible and make mistakes”, says Mee, whereas automation boosts accuracy and reduces manual errors by 57%, according to Forrester Research. Compliance is also improved, according to 92% of global organisations.
Repetitive tasks that can be automated
Any repetitive process can be automated, Mee explains, from paying invoices to dealing with enquiries, or authorising documents and managing insurance claims. “The process will vary from business to business, but office workers have identified and created software robots to assist with thousands of common tasks they want automated.”
These include inputting data or creating data sets, a time-consuming task that 59% of those surveyed globally said was the task they would most like to automate, with scheduling of calls and meetings (57%) and sending template or reminder emails (60%) also top of the automation list. Far fewer believed, however, that tasks such as liaising with their team or customers could be automated, illustrating the higher value of such tasks.
“By employing software robots to undertake such tasks, they can be handled much more quickly,” adds Mee pointing to OTP Bank Romania, which during the pandemic used an automation to process requests to postpone bank loan instalments. “This reduced the processing time of a single request from 10 minutes to 20 seconds, allowing the bank to cope with a 125% increase in the number of calls received by call centre agents.”
Mee says: “Automation accelerates digital transformation, according to 63% of global executives. It also drives major cost savings and improves business metrics, and because software robots can ramp-up quickly to meet spikes in demand, it improves resilience.
Five business areas that can be automated
Mee outlines five business areas where automation can really make a difference.
- Contact centres Whether a customer seeks help online, in-store or with an agent, the entire customer service journey can be automated – from initial interaction to reaching a satisfying outcome
- Finance and accounting Automation enables firms to manage tasks such as invoice processing, ensuring accuracy and preventing mistakes
- Human resources Automations can be used across the HR team to manage things like payroll, assessing job candidates, and on-boarding
- IT IT teams are often swamped in daily activity like on-boarding or off-boarding employees. Deploying virtual machines, provisioning, configuring, and maintaining infrastructure. These tasks are ideal for automation
- Legal There are many important administrative tasks undertaken by legal teams that can be automated. Often, legal professionals are creating their own robots to help them manage this work. In legal and compliance processes, that means attorneys and paralegals can respond more quickly to increasing demands from clients and internal stakeholders. Robots don’t store data, and the data they use is encrypted in transit and at rest, which improves risk profiling and compliance.
“To embark on an automation journey, organisations need to create a Centre of Excellence in which technical expertise is fostered,” explains Mee. “This group of experts can begin automating processes quickly to show return on investment and gain buy-in. This effort leads to greater interest from within the organisation, which often kick-starts a strategic focus on embedding automation.”