Is the Internet of Things inherently broken?

There is an often repeated statistic that there could be billions of connected devices by the year 2020. But unless something drastically changes how these devices are secured, that could be more bad news than good.

Several recent security incidents have highlighted just how dangerous Internet of Things (IoT) devices can be. First, Brian Krebs, a security journalist and researcher, saw his site hit by a massive distributed denial of service (DDoS) attack. It clocked in at 665 gigabits per second, a figure that would’ve been nearly unimaginable just a few years ago.

In many instances, the traffic that left his site crippled were coming from a botnet that used IoT devices. These devices are generally not given the same security precautions or updates as smartphones or computers, which leaves them as an excellent source of attacks (especially given that they’re usually cheap and numerous).

According to reports, that created a perfect storm of security issues. Part of the reason the botnet was successful was it only had to try a handful of password combinations to successfully crack devices. Brute force attacks using default usernames and passwords for products were leading to compromised devices at a furious pace, with some devices being compromised as little as six seconds after they were first connected to the Internet.

Securing against DDoS

For many IT pros, what makes this story frustrating is that there’s little they can do themselves to prevent DDoS attacks from compromised IoT devices. Instead, they’re left relying on the industry to shift to a security-first mindset and users worldwide to make sure they’re taking security steps to protect all their devices.

For many companies, the best interim solution will be partnering with third-party DDoS security companies. These services likely won’t be cheap, but it could make all the difference from losing a day or more of revenue while a site is down – and likely paying hefty sums to get back up and running anyway.