Akamai Report Notes Increase in Scale and Automation of Security Attacks

Broadcasters need to understand IoT threats
Author:
Publish date:
Updated on

If there is a single truth about trends in the Internet security space, it’s that every year brings more of the same. Akamai’s 2018 State of the Internet (SOTI) report looks forward to 2019 by describing ongoing patterns from the past few years, and suggests they’ll likely continue to evolve in the ways that they already have. Broadcasters, like other internet users, should continue to expect threats in the form of brute force DDoS attacks, application level attacks, credential stuffing and the theft and sale of credentials.

A more specific portfolio of threats exists for broadcasters, who are heavily invested in the Internet of Things, which are also vulnerable. A recent Gartner report estimates that by 2020 there will be over 26 billion connected devices, excluding PCs, tablets, and smartphones.

[Read: Cybersecurity: What Execs Should Know]

There are a number of weaknesses in IoT devices, which make them vulnerable to hackers.

  • Very little security is built into the device itself, often as an economy measure, but also because some safeguards may impede operation.
  • Because of poor network segmentation, the device may be directly exposed to the web. It can act as a pivot to the internal network, opening up a backdoor to let criminals in.
  • Developers of IoT devices sometimes leave behind code or features developed in beta that are no longer relevant. This hidden functionality can provide a way in for hackers.
  • Default credentials are often hard coded. That means that the software won't force you to create a unique password. Typing “1-2-3-4-5” can get you into a surprising number of devices.

A glimpse at best practices might be gleaned by looking at the U.S. government, which introduced the Internet of Things Cybersecurity Improvement Act. It requires that any devices sold to the American government be patchable, not have any known security vulnerabilities, and allow users to change their default passwords. If you’re not working for the government, you’re on your own to figure all of this out.