If you have have not heard about it yet, you will in the future. IOT is the Internet of Things. Basically this is all the equipment, appliances and cars out there in the world that can access the internet. The reasoning behind this is a good one – maintenance of appliances and vehicles, systems to turn them on and off, etc. However, they have now become a great back door for Denial of Service (DOS) attacks.
Last week, DYN, one of the main DNS server hosting companies was down because of a DOS attack. Even though there are millions of computers, there are only “hundreds” of DNS servers supporting the internet. The job of these servers is to turn a “friendly host name” like www.act.com into the real under the covers address which is an IP number, like 18.104.22.168. Several key websites that were known to DYN were Twitter, Netflix and Paypal. Those are big names. What may also have been affected were websites closer to home – like your website or the website hosting any of your cloud apps.
Companies and consumers are doing a better job of protecting their computers so that the bad guys can’t use them as relay machines when they try to run a DOS attack. But, many IOT devices do not contain protection or if they do it’s complicated for an end user to find and update. This has become the new favorite vehicle for attackers.
Unfortunately until there is some kind of governing body that puts out requirements for these devices to have protection, all our websites are vulnerable. And our data.
While I myself am moving some of our applications to the cloud (which, again, as I have said before, is just another computer somewhere else, hopefully with adequate safe guards in place and 24×7 power) I am very reluctant to put everything there. If you have critical data you need to access at any time, you need to also be judicious and careful where you have your data.
When looking at a cloud application, ask yourself – “self, could I run my business if my data was inaccessible?” I bet “self” would come back much of the time and say “nope.” Therefore choose your cloud apps carefully. Have a solid backup plan in place. Because, my friends, there are lions, tigers and IOT devices out there. Just waiting to play.