This increase in IoT deployments may expand the attack surface because of device vulnerabilities and a lack of security controls.
According to the CenturyLink 2019 Threat Report [2], the prevalence of a region's cybercrime activities is directly related to the growth of its connectivity infrastructures and networks.
As organizations drive towards digital transformation, coupled with the accelerated race in the deployment of 5G, there will be an increasingly vast number of connected assets across on-premise infrastructure, cloud and Internet of Things (IoT) networks. These are likely to introduce new attack paths for security threats.
Gartner forecasts that 14.2 billion connected things will be in use globally this year, and that the total will reach 25 billion by 2021 [3].
These "things" are connected devices as diverse as short-range devices such as smoke detection alarms or thermostats; wireless LAN (WLAN)-connected industrial or factory devices; and smart home consumer devices such as CCTV cameras, wireless smart sensors and even a light bulb that can be switched on or off through a mobile app.
IoT devices can be categorized into either industrial, enterprise or consumer groups. Unfortunately, the reality is that the majority of enterprise IoT devices are not managed by an organization's IT team, while myriad consumer IoT devices out there are not likely hardened or secured. Their proliferation is set to propel device-centric cyberattacks to unprecedented levels.
One expected manifestation would be a direct hack of the device itself. Take, for instance, wireless smart cameras used for home security surveillance. The popular ones are often built with cloud connectivity, so that users can view what's happening at home regardless of where they are.
To achieve this, the smart camera is configured to act as a wireless hotspot, connecting it to the user's main router via Wi-Fi. With a mobile app, users can watch the recording and control the camera to pan or zoom. Typically, the popular ones come with an initial loader, after which a Linux core is loaded. The system is usually loaded to run with default services. If these devices are not hardened, they can easily be hacked by a perpetrator armed with nothing more than knowledge of the default admin password.
A single controlling device connected to numerous compromised devices can trigger an attack by commanding them to send TCP synchronization (SYN) packets to the target all at once; the volume of bot traffic generated is so overwhelming that it can take down an online service or crash an entire website.
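The many-bots-one-target SYN flood described above, seen from the defender's side: an added example (not code from the original post or from CenturyLink) that runs a simple detector over constructed per-connection flow records. The record format, the field names, the thresholds and the sample traffic are all assumptions made for this illustration.

```python
# Added example (not from the original post): a small SYN-flood detector run
# over constructed flow records, the kind of per-connection summary a router,
# firewall or NetFlow collector exports. The record format, field names and
# the sample traffic are assumptions made for this illustration.
from collections import defaultdict


def constructed_sample():
    """Build constructed flow lines "ts,src_ip,dst_ip,dst_port,tcp_flags".
    Benign clients complete handshakes (SYN then ACK); 150 constructed bot
    addresses each fire two bare SYNs at 203.0.113.10:443 within 10 seconds."""
    lines = []
    for t in range(60):                      # benign background traffic
        client = f"10.0.0.{t % 5 + 1}"
        lines.append(f"{t},{client},203.0.113.10,443,S")
        lines.append(f"{t},{client},203.0.113.10,443,A")
    for bot in range(150):                   # the flood burst
        for _ in range(2):
            lines.append(f"{1000 + bot % 10},198.51.100.{bot + 1},203.0.113.10,443,S")
    return "\n".join(lines)


def parse_flows(text):
    """Parse CSV flow lines into dicts, skipping blank or malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5:
            continue
        ts, src, dst, port, flags = parts
        rows.append({"ts": int(ts), "src": src, "dst": dst,
                     "port": int(port), "flags": flags})
    return rows


def detect_syn_flood(flows, window=10, syn_threshold=100, min_sources=20):
    """Return (dst, port, window_start, bare_syn_count, distinct_sources) for
    every window in which bare SYNs (S set, A clear, i.e. half-open attempts)
    to one service exceed the threshold AND come from many distinct sources,
    the many-bots-one-target pattern described in the text. Thresholds are
    placeholders; tune them against the service's normal baseline."""
    buckets = defaultdict(lambda: [0, set()])
    for f in flows:
        if "S" in f["flags"] and "A" not in f["flags"]:
            key = (f["dst"], f["port"], f["ts"] - f["ts"] % window)
            buckets[key][0] += 1
            buckets[key][1].add(f["src"])
    return [(dst, port, start, n, len(srcs))
            for (dst, port, start), (n, srcs) in sorted(buckets.items())
            if n >= syn_threshold and len(srcs) >= min_sources]
```

Requiring many distinct sources as well as a high SYN count keeps a single misbehaving client from tripping the alert, which is the difference between a botnet flood and one noisy host.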
The aftermath of such attacks is often cumbersome, with a string of damages for CISOs and CSOs to work through—from unplanned downtime and monetary losses, to service recovery and long-term management of reputation loss.
Another grave concern is that DDoS attacks are no longer focused on traditional targets such as retail organizations or e-commerce sites—but are aimed at businesses of all sizes and industries.
CenturyLink has observed that several verticals, such as online gaming service providers, are targets of as many as hundreds of DDoS attacks each day. With multiple attack types and strategies such as multi-vector and diversionary attacks at their disposal, threat actors can go after a broader set of targets with much greater ease.
For this to happen, they must first conquer their cybersecurity fatigue, which is the result of exhausting management and scaling of in-house security solutions that have become piecemeal from years of knee-jerk implementations. These could conflict, overlap and leave gaps in their security posture, and are challenges without easy fixes.
There is also the problem of security solutions flooding IT organizations with reports and alerts that lead to no action. This is mainly because they either lack the specialization or the manpower among their teams to effectively contextualize the wealth of data into actual cyberthreat intelligence.
Cyberthreats are not homogeneous and can originate from within an organization. Insiders, whether employees or contractors, with authorized privileges or access can introduce risks that are tough to detect, making it a real challenge for enterprises to safeguard important customer data or confidential and proprietary information. Another risk within an organization is the human element, often in the form of mistakes or misconfigurations of IT systems or networks.
Trusted security partners that offer user and entity behavioral analytics (UEBA) services, for example, are becoming essential in helping enterprises identify and act on such insider threats.
With the involvement of a security partner, businesses can step beyond their traditional log-based monitoring tools and find new ways to quickly and accurately detect, respond and mitigate potentially damaging attacks.
This method not only identifies potential insider threat activities and predicts risk propensity faster, but also removes the guesswork for security operations personnel, freeing them to conduct investigations, triage accurately and resolve threat situations quickly.
Today, digital businesses are also increasingly hosting business-critical data and applications across vast networks, increasing the risk of a security breach.
If you are a digital business with multiple offices that directly connect to the Internet on a single, corporate-wide MPLS network, you have a large attack surface. As such, merely having endpoint protection security and log correlation in your security program is likely ineffective for detecting data breaches, and this scenario is typical of many business operations in APAC.
Organizations need to adopt a ‘Connected Security’ approach in their cybersecurity strategy that is designed to help ensure holistic and proactive protection of data from both insider and external threats.
With CenturyLink Managed Behavioral Analytics, available from our Security Operations Center (SOC) in Singapore, companies can seek effective protection from cyber-attacks that steal administrator credentials or establish a command-and-control channel from their servers.
By applying an automated behavioral analytics service to the servers that house critical data, all user and network activity is monitored for signs of credential theft, reconnaissance or lateral movement indicative of an attack. An attempt to exfiltrate data from the server is detected by the service and investigated by our 24/7 SOC analysts before the customer is notified; this early breach detection enables quick remediation to prevent further loss.
This strategic approach fortifies passive monitoring with the necessary actions – investigating and determining whether an event is a true positive – before a remediation solution is recommended.
As the digital landscape continues to evolve, it is imperative that enterprises act quickly to address their security shortcomings. Partnering with a trusted Managed Security Services Provider like CenturyLink is a fast and cost-effective way of achieving their desired outcomes, without loading their security programs with more management complexity.
Get in touch with us to discuss how we can take your cybersecurity strategy to the next level.
[1] FutureIoT, "Asia-Pacific to lead IoT spending in 2019", Feb 2019
[2] CenturyLink, "2019 CenturyLink Threat Report"
[3] Gartner, "Gartner Identifies Top 10 Strategic IoT Technologies and Trends", Nov 2018
[4] Journal of Information Systems Education, "Teaching Case: Security Breach at Target", Winter 2018
This blog is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided "as is" without any warranty or condition of any kind, either express or implied. Use of this information is at the end user's own risk. CenturyLink does not warrant that the information will meet the end user's requirements or that the implementation or usage of this information will result in the desired outcome of the end user.
Links to CenturyLink's products and offerings are represented as of the date of issue. Services not available everywhere. Business customers only. CenturyLink may change or cancel products and services or substitute similar products and services at its sole discretion without notice. ©2019 CenturyLink. All Rights Reserved.