What Business Leaders Need to Know Now about Recent, High Profile DDoS Cyberattacks

Over the past several weeks there has been a lot of talk in the media about DDoS attacks, especially “Mirai malware,” botnets for rent, Chinese-built webcam recalls and the “destructive power” of the Internet of Things (“IoT”). For the uninitiated (or disinterested), this sounds like a lot of “tech talk” reserved for real and wannabe tech geeks (like me) to ruminate about.

The very real reality, however, is that these recent, high profile IoT (connected device)-driven DDoS (distributed denial of service) cyberattacks are very much a “business” matter for business leaders to address, as these attacks have the potential to disrupt operations for significant periods of time, and to cause physical harm to corporate assets and even personnel.

“A growing mass of poorly secured devices on the Internet of things represents a serious risk to life and property.”

By way of background, here is a short, quick list of recent events that have highlighted this threat:

“A new monster botnet, which hasn’t been given a name yet, has been spotted in the wild launching massive DDoS attacks.”

What these events of the past 90 days show us is that cyberthieves have (most would say, predictably) managed to combine a known, common (and mostly defensible) cyberattack method (DDoS) with the Internet of Things (a world of connected devices) to launch massive, historic-by-proportion cyberattacks against organizations around the world. More specifically, attackers can now use unsecure, commonplace devices such as webcams, refrigerators, and fax machines as conduits to launch massive traffic attacks that can disrupt and shut down businesses whose systems are connected to or dependent on the Internet.

Because the overwhelming majority of organizations and businesses alike are, in fact “connected to or dependent on the Internet,” this means that IoT-driven DDoS cyberattacks now represent a major cyberthreat to the business community. Savvy, informed leaders will be quick to recognize and understand this threat, and to work with their IT teams and the organization’s IT partners and providers to understand just how vulnerable they in this environment. Steps should be taken to identify vulnerabilities and to put in place incident response plans so that everyone within the organization knows who should be doing what and when and with whom in the event of such an attack.

IoT-driven, mass-traffic DDoS cyberattacks are technical in nature, but their impacts are not. Organizations who understand and recognize this reality will be better prepared and ready if and when they do face this twisted, criminal effort.