According to a recent prediction detailed in the Deloitte Global TMT Predictions 2017 report, incidents of DDoS are expected to rise to 10 million attacks during the year. The escalation of DDoS, according to them, is primarily due to the growing base of insecure IoT devices, readily available online instructions for unskilled attackers, and rising uplink data speeds.
One of the solutions Deloitte Global has recommended is certification marks for connected devices. They propose that device vendors should obtain security certification for their products, and for this to be labeled on the device packaging. In addition, they also recommend the introduction of software grading systems to help consumers understand the caliber of the security provided with the product they are considering purchasing.
Simultaneously, the Federal Trade Commission (FTC) has launched an IoT Home Inspector Challenge, with a prize of up to $25,000, that challenges the public to create a technical solution for consumers that can guard against software security vulnerabilities found on connected Internet of Things (IoT) devices in their homes. Contestants also have the option of adding features, such as those that would address hard-coded, factory default, or easy-to-guess passwords.
And in a similar way, California lawmakers are asking for IoT regulations through SB 327, which calls for connected device manufacturers to secure their devices, protect the information they collect or store, indicate when they are collecting it, get user approval before doing so, and be proactive in informing users of security updates
Similar to the suggestions I made in my 2015 blog, the FTC and California lawmakers must ask vendors to self-declare at least following information:
These communication declarations will force IoT manufacturers to revisit their quality assurance processes and fortify their Internet communications.
The reason why this is so important is that most home users are simply not technical enough as users, and therefore cannot create sophisticated firewall rules for themselves. As a result, the responsibility for security must lie primarily with the IoT vendors and their associated operating systems to self-enforce such behavior.
Security appliances must enforce the above policies to ensure that IoT devices are secure, and that cybercriminals are not able to misuse their connectivity. This is true both for individual consumers and for organizations adopting IoT as part of the new digital business model.
For enterprises and other organizations, the Fortinet Security fabric architecture can also ensure that networks, devices, and data are protected from both inbound and outbound attacks, including malware and DDoS attacks. Within a Security Fabric framework, ATP security tools inspecting for advanced threats, the automatic segmentation of IoT traffic, anti-DDoS tools, and other security technologies can all work together to correlate intelligence, identify threats, and provide a coordinated and synchronized response anywhere along the potential attack surface, from IoT to the cloud.