Eleanor Hecks, Editor of Designerly Magazine and regular contributor to IoT Insider, discusses implementing IoT while protecting against IoT botnet threats
The latest Netskope Threat Labs research shows retailers face ever-increasing risks from IoT botnets. As more companies adopt IoT devices, cybercriminals ramp up their efforts. Small businesses may need more technology to protect their customers and proprietary information fully.
In early April 2024, Netskope Threat Labs published research about cloud threats for retailers. Internet of Things (IoT) botnets were a common tool utilized by cybercriminals in attacks in the twelve months prior. One factor leading to an uptick in IoT botnet attacks is that more retailers are using cloud-based applications in their online sales.
How botnet threats impact retailers and customers
An IoT botnet is a network of interconnected devices controlled by a botmaster. The attacker can insert malware into a device and compromise it. For example, a cybercriminal might attack point-of-sale machines and steal data from customers swiping their cards to pay for gas at a fueling station.
Around 80% of IoT devices are non-consumer-facing, falling into industries such as manufacturing or medical. Because businesses in these industries deal with such large amounts of sensitive customer data, hackers have a good chance of extracting data on hundreds or thousands — sometimes even millions — of people from a single attack.
The Mirai botnet is still a threat. It’s a well-known security breach because it created the largest attack to date. It started by crashing a few Minecraft servers but expanded and brought down Netflix, Reddit, Twitter, CNN and the Guardian, showing how much damage the code could do to businesses.
Imagine vulnerabilities in cloud servers and all the sensitive information hackers could access by utilising such an attack. There are various problems with IoT botnet attacks.
Reduces consumer trust
Companies must inform consumers when there is a breach. Consumers with compromised information need an opportunity to put protective measures in place, such as credit tracking or locking down their credit reports.
Informing clients that they suffered an attack can harm retailers’ reputations. The result may be losing customers or fewer orders.
Disrupts sales (DDoS)
A distributed denial-of-service (DDoS) botnet attack disrupts servers and crashes sites, much like Mirai’s attack on major players. When a website goes down, retailers potentially lose money every minute that customers would typically place orders.
DDoS attacks also turn off potential new clients who visit the site and get an error. Rather than trying again, they bounce to a competitor’s site and assume the original company is out of business or has a faulty page.
Legal repercussions
Companies doing business within the European Union are subject to regulations such as the General Data Protection Regulation (GDPR) Act. If they fail to comply with basic practices to protect consumer data, they may be subject to fines.
Some industries have other entities regulating how they process personal information. If you must comply with rules, check to see what happens if your brand suffers a data breach.
How to incorporate IoT
IoT devices will reach 30.9 billion by 2025, leaving a vast chasm for botnets to target. Fortunately, businesses can protect themselves and consumers from threats using numerous strategies.
Extra security
Assess cloud-based apps and storage and their security. Add multi-factor authentication to prevent bots from logging in by trying thousands of possible password combinations.
Keep software updated and apply security patches as soon as they’re released. An updated database prevents hackers from gaining access. Check all devices to ensure they have the latest measures and virus protection.
Segment networks
Segmented networks break up data. Even if a botnet attack occurs, it won’t spread across the entire network, which may spare a few unprotected devices. One example is a software-as-a-service (SaaS) provider. If a business segments its clients, an attack may impact only one or two instead of the entire client base.
Monitor continuously
Invest in top-notch virus protection. Ideally, you’ll have artificial intelligence running in the background, looking for anomalies in the system. You can also hire third-party ethical hackers to try to infiltrate your databases and devices and see where the weaknesses are. Armed with knowledge of where an attack is most likely to occur, you can defend your data and customers.
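As an added example (not part of the original article), here is one simple form the continuous monitoring described above can take: a sliding-window check that flags a source making many failed logins, the password-guessing behaviour mentioned under Extra security, and notes whether a login then succeeded. The log format, thresholds, addresses and account names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "timestamp source_ip username result".
# Format, addresses (documentation ranges) and account names are made up.
SAMPLE_LOG = """\
2024-04-02T09:00:01 198.51.100.7 admin FAIL
2024-04-02T09:00:02 198.51.100.7 admin FAIL
2024-04-02T09:00:03 198.51.100.7 root FAIL
2024-04-02T09:00:04 198.51.100.7 pos-terminal FAIL
2024-04-02T09:00:05 198.51.100.7 admin FAIL
2024-04-02T09:00:06 198.51.100.7 admin OK
2024-04-02T09:05:00 203.0.113.20 alice FAIL
2024-04-02T09:05:30 203.0.113.20 alice OK
2024-04-02T11:00:00 198.51.100.7 admin FAIL
"""

def parse(log_text):
    """Yield (time, source, user, ok) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield when, parts[1], parts[2], parts[3] == "OK"

def detect_guessing(log_text, max_failures=5, window=timedelta(minutes=1)):
    """Flag sources with >= max_failures failed logins inside the window."""
    recent = defaultdict(list)  # source -> [(time, user)] failures in window
    alerts = {}
    for when, source, user, ok in sorted(parse(log_text)):
        fails = [(t, u) for t, u in recent[source] if when - t <= window]
        if not ok:
            fails.append((when, user))
        recent[source] = fails
        if len(fails) >= max_failures:
            alert = alerts.setdefault(source, {"users": set(), "success_after": None})
            alert["users"].update(u for _, u in fails)
            # A success right after a burst of failures suggests a guessed password.
            if ok and alert["success_after"] is None:
                alert["success_after"] = user
    return alerts

if __name__ == "__main__":
    for source, alert in detect_guessing(SAMPLE_LOG).items():
        print(source, sorted(alert["users"]), alert["success_after"])
```

An alert whose `success_after` field is set deserves the fastest response, since it means the guessing may have worked and the account should be locked and its password reset.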
Train workers
The human factor is one of the most significant security threats to most businesses. Employees fail to protect their passwords, and hackers take advantage of their complacency.
Teach employees to:
- Change passwords frequently
- Install updated virus protection
- Use two-factor authentication
- Use passwords unique to each login
- Make login information as complex as possible
In addition, security questions should be unique. Avoid the ones every site asks, such as the mother’s maiden name or the name of their first dog. Instead, let people make up questions or ask things out of the ordinary, such as favourite vegetables.
Embrace IoT while staying aware
The IoT offers advantages small businesses need to grow. Awareness is the first step to protecting client data and avoiding being a victim of a botnet attack. As the use of IoT devices grows, stay aware and make any needed changes to keep your company and your customers safe.