It’s Time to Talk Security With Your Customers

Have you heard about the recent cyberattack that took down a large portion of the Internet?

On Oct. 21, a distributed denial of service (DDoS) attack was very skillfully — and successfully — launched against Dyn, a company which controls a large portion of the Web’s domain name services (DNS). Think of Dyn like an address book, which converts your URL request to an IP address. For example, when you type in “www.netflix.com,” Dyn looks up that URL and sends you to the IP address of the server(s) hosting the content you’re looking for.

The responsible party (whose identity is still unknown) used a form of malware called Mirai to create a “botnet”.  Traditionally, botnets infect computers or servers, but in this case, they infected IoT (internet of things) devices. In particular, thousands of unsecured webcams and DVRs from Chinese manufacturer Xiongmai were taken over and used in the attack. Together, the infected devices overloaded Dyn’s servers with Web traffic, and caused them to shut down.

The attack is widely regarded as the largest of its kind in history. It was a sustained attack which lasted for the majority for the day. As a result of targeting a DNS provider like Dyn, many major websites that Dyn hosted DNS for — like Twitter, CNN, Netflix and Spotify — were all shut down.

Now that you have a basic overview of the incident, let’s get down to it. You need to have a conversation about cybersecurity with your customers. And this incident could be a great conversation starter as it’s timely and important.

Here’s how you should approach the subject:

Cybercrime is no longer just a risk. It’s literally pounding on the front door of your customers’ networks. And if they don’t act soon, eventually that door will be broken down.

Up until recently, hackers had to sneak into the corporate network to cause trouble. They to phish for employees’ login credentials, search for backdoor network entry points, or send infected email attachments laden with malware. But now, hackers can simply shut down a website with sheer force using a DDoS attack.

As we mentioned, DDoS attacks are typically launched using infected servers or computers. But now, with the advent of the Internet of Things (IoT) and smart devices like printers, refrigerators and cameras, DDoS attacks are only getting worse. Why? It’s because many IoT devices have weak security measures, making them extremely easy to hack.

Keep in mind that IoT is rapidly accelerating, as more and more IP-enabled devices are being rushed to market. And just recently, the botnet code used in the Dyn attack, Mirai, was made available to the general public, meaning it’s very easy for amateur hackers to obtain it and launch their own botnets against any businesses they choose.

So put two and two together here and you have a very dangerous situation developing.

Moving forward, manufacturers will almost certainly begin updating IoT devices with patches to protect them against cyberattacks. And devices which have already been released can be recalled and replaced with more secure solutions.
But the message to tell your customers is that they should not wait for manufacturers to intervene.  They need to take action and protect their networks against DDoS attacks now.

This is where you, as a trusted advisor, come in. Once you catch your customer’s ear about DDoS attacks, mention that there is a solution that can help. What they need is a DDoS Mitigation solution. DDos Mitigation solutions leverage a network of global scrubbing centers. Basically, a scrubbing center sits between a business and the rest of the Internet. Incoming network traffic gets routed through the scrubbing service before reaching the business, in either an always-on (proactive) or on-demand (reactive) fashion. The scrubbing service only allows clean traffic to pass through to the business.

Ultimately, your conversation should culminate with your customer deciding to layer a DDoS Mitigation solution over their Internet connection. A third-party service like Level 3, for instance, can act as a filter to protect against DDoS attacks.

The takeaway is that no business should be naked against Internet threats. Layered security is critical for keeping businesses out of harm’s way online. The more layered security solutions there are in place, the better off a company will be.

If you’re ready to start selling security solutions to your customers, you can lean on the experts at AVANT to help you.  Get started now!