Three simple steps could deter up to 99 percent of cyber disruptions.
Disruptive incidents such as the recent distributed denial of service (DDoS) attack on Internet performance management company Dynamic Network Services Inc., (Dyn) that interrupted services at user favorites such as Amazon and Twitter could easily have been prevented, a Washington, D.C.,-area chief information officer says. From eliminating easy-to-guess default passwords to installing secure network architecture, organizations can protect themselves from falling prey to the next big cyber boom before it brings down their operations.
In "How to Easily Deny Denial of Service," SIGNAL Magazine Editor-in-Chief Robert K. Ackerman relates how the growing interconnectivity of devices is increasing the impact a single DDoS can have on organizations, Internet-dependent companies such as retail businesses and individual users.
Ackerman interviewed a CIO who viewed some of the code used in the attack on Dyn. Among the most successful penetration codes was one that sought open Telnet connections, tried a number of different combinations of everyday user names and passwords, and then infected those that matched those combinations.
"Many manufacturing facilities ship wireless devices with easy-to-guess passwords such as 'password' or a blank space," the CIO explained. The usernames—in many cases as straightforward as "administrator" or "admin"—also are predictable. When examining the recent DDoS attack malware code, he said several potential searches targeted such accounts.
The Internet of Things, which enables devices to operate unsecured in a single wireless environment, magnifies the problem, the article goes on to explain. Simply disconnecting devices that do not need to be linked to the Internet is one preventative measure that can curb DDoS disruptions.
The article offers details about the most vulnerable devices and features recommendations about how to evade the vast majority of attacks by taking other simple measures.
This article and dozens of others about cybersecurity are available on the SIGNAL Media website.