DDoS Attacks: Five security trends
In recent weeks, new types of DDoS attacks have appeared in Switzerland using unsecured IoT devices. How can SMB sectors arm themselves against digital saboteurs? F5 presents five current security IT trends that companies should watch out for in the coming months.
There is no doubt that security threats are becoming more extensive and sophisticated, F5 Network underscores.
The current attack on the DNS provider Dyn has once again shown that companies must expect ever greater threats. According to media reports, the latest attack was based on around 300,000 unsecured IoT (Internet of Things) devices as a botnet, through which a DDoS attack with a data volume of 1.2 terabits per second was generated.
This was the biggest attack of its kind so far. Thus, numerous websites were paralyzed in the current attack on Dyn, such as those of Twitter, Spotify, Netflix and Amazon. Swiss customers were also affected when they were blocked from searching and resolving web addresses. How can customers now ensure that they have a defense strategy against DDoS attacks - or have a clear plan in place in case they were the victim of an attack?
Threats increase
There is no doubt that security threats are becoming ever more extensive and sophisticated. Unfortunately, it is becoming increasingly likely that Swiss companies will be the target of an attack. Security specialist F5 has summarized the five most important trends that companies should keep an eye on in the coming months so that they are sufficiently prepared.
1.) Locate any IoT hardware
IoT devices are currently on the rise - but security measures are not keeping pace. Vulnerabilities in smart networked devices make them easy prey for cybercriminals. They are hijacking more and more devices such as surveillance cameras, home routers and baby monitors and using them for their own purposes. With just a few clicks, they can generate massive DDoS attacks.
There needs to be a growing awareness in the enterprise of the vulnerabilities of any IoT devices, which offer many benefits but also provide another attack vector for cybercriminals.
2.) Basic Data Protection Regulation GDPR
The General Data Protection Regulation (GDPR) will not apply until May 2018, but since most companies will probably need several years to implement it, they should address this issue now. In view of the threat of sanctions, such as a fine of four percent of annual global sales, they need to adapt their IT infrastructure quickly.
Parts of the GDPR, such as the right to be forgotten and data portability, can cause problems. That's because many companies don't even know exactly what customer data they store and where. The biggest challenge is determining how much data they are responsible for. But data breaches or claims by their customers can cause painful losses to company profits and damage customer relationships.
3. ) Optimal cloud usage
Companies are increasingly migrating their infrastructure to the cloud. However, many security concerns remain unresolved. Do companies know how to work securely in the cloud and who holds the key to their data? Current technologies enable a secure transition to the cloud.
For example, cloud access security broker (CASB) solutions apply strict security policies across multiple cloud services. This gives IT teams control over who can access cloud services and ensures that corporate data is encrypted securely enough.
4.) App security
There is a wide range of mobile apps available today that allow users to access corporate data from a variety of devices in different locations. Any vulnerability in this network, such as a cell phone infected with malware, can open up access to the company for cybercriminals. If they manage to obtain an employee's login data, they gain access to all the data accessible to the employee.
Therefore, to better protect themselves, companies need to optimize security at the app level as well as place more emphasis on educating employees and not rely solely on the good old firewall approach.
5.) Identity and access control
Today, employees can access various online portals - from financial services to expense reporting - with just one user account (aingle sign-on). If an employee leaves the company, he or she can continue to access critical data using his or her login data, unless his or her user accounts have been deactivated in good time.
Therefore, it is imperative to use federated services technology that supports a single sign-on approach. Here, authentication takes place at the employer and employees are redirected to the cloud service when accessing applications. This gives companies control over their employees' credentials and better protection against fraud.
For further information please visit www.f5.com
