It’s possible the only people sad to see 2016 behind us are the hackers. For them, it was a year of “go big or go home.” Not only did Yahoo’s second major breach top a billion stolen accounts, Time’s Person of the Year — behind Donald Trump and Hillary Clinton — was “The Hackers.” One good thing these hacks do is give us some pretty epic lessons learned.
First, the most important hack of the year wasn’t connected to Trump, Clinton, or even Yahoo. It was connected to you.
Remember when Twitter, Spotify, Reddit, and The New York Times all went dark at once? That was a Distributed Denial of Service (DDoS) attack on a company you’d probably never heard of before a few months ago: Dyn. Basically, malware instructed a bunch of Internet of Things (IoT) devices to work together (called a botnet) to flood the company with so much junk traffic, they couldn’t keep up. Since Dyn is a Domain Name Service provider, which basically means they route you to your favorite websites, taking Dyn down meant taking down their customers, too.
This method of attack is nothing new, and sadly, nothing too hard for the average cybercriminal. But it’s the attack vector — the IoT — that tells us the most about what the future holds.
If you think a billion stolen records is a big number, consider this:
In less than five years, there will be three times the number of connected devices as people on Earth.
Gartner places the number at 21 billion by 2020. There’s no shortage of talk about the enterprise’s challenge of detecting and protecting all of those individual connections.
What’s not talked about is what this means for you. After all, connected devices working together is a beautiful thing. But what happens when the billions of devices, like smart watches, thermostats, dolls, refrigerators, door locks, baby monitors, and lights — work together to commit crimes? See, as we excitedly outfit our homes with these amazing technologies, we’re making our safest place in the whole world, “connected.”
It’s the perfect storm, and it’s brewing in our very own living rooms. Take note of these three things most people don’t know about IoT devices:
One, they don’t have any built-in security, and pre-set passwords are generic and intended to be changed by the new owner. If you haven’t updated these passwords from the factory default, your device may already be part of a botnet. In fact, that’s just what the latest malware looks for — devices with weak or factory default passwords that haven’t been changed.
Two, a lot of enterprise security products have a hard time detecting an IoT device. That means hackers can get access easily because they’re able to bypass typical security controls.
Three, DDoS attacks aren’t the only thing hackers can do once they have access. A malware-infected IoT device can become a backdoor for hackers to get inside companies and steal information.
What does this mean for cybersecurity in 2017?
Two words: It’s personal.
Yes, manufacturers of IoT devices should be held responsible for certain levels of security. But we can’t keep passing the buck. As users who bring these technologies into our homes and businesses, we’re responsible, too. The good news is it doesn’t take much to make a big difference.
Did you give or receive a Wi-Fi gadget for the holidays? Instead of clicking “next” in the setup, make sure you change the default password to something more complex and unique. Also, look for the option to enable encryption. Itching to connect to Wi-Fi when you’re away from home or work? Be sure you connect to a trusted, secure network. Keep clicking “Remind me later” when your device has a software update? Stop procrastinating and update your software as soon as new versions are available.
Taking these steps to strengthen the security of your connected devices will not only improve your personal cybersecurity, it will make a big difference in the global fight against cybercrime.