10th October 2016

Valentin Clerbout

In September, within a few days, Krebs on Security and OVH were affected by the largest DDos attacks ever registered (Distributed Denial of service attack – overload of servers caused by a high quantity of requests causing them to be unavailable). If the reasons remain unknown, the happening of these events should alert us about the “all connected”.

With the Web 3.0 and the connected objects, manufacturers are more and more inventive, so that all our devices (WebCam, fridges, thermostats, loudspeakers,…) can be available online and to control from Smartphones or any other devices connected to internet. For hackers this is almost an unlimited number of devices (estimates relate several billion objects connected in 2016) which can be targeted as entry points to a network and be used as a starting point for a DDos attack, or any other malicious attack.

These cyber news which are part of our daily news flow represent only a relative threat to each individual. Indeed who, except the people sensitised to these issues, pay attention to the fact that or the servers of OVH were interrupted by DDos attacks? Not many people… but this could change.

On internet everything is swapped, shared, and sold. On the surface all this seems legal – but when you start looking closer, there are an array of programs, real tool boxes, which allow to scan, force open, contaminate or exploit loopholes in the security. And this, without being an IT genius….

So what are the consequences?

From Ransomware (a virus, which crypts the totality of your hard drive and your data, making them inaccessible until you pay for the access code) to phishing (sending wrong e-mails or websites, inviting you to provide personal information, passwords or credit card numbers…) the means applied to penetrate your private live are plenty. In times of “all connected”, where personal mails, cloud, agenda, e-banking, social media, domotic systems are accessible per internet. Respecting some basic rules is essential, because the degree of interconnection is such that IT services of companies cannot any longer ignore these forms of social engineering.

At IAM our security policies are very strict and we audit our processes annually. We always look for the best solutions to guarantee a maximum security for our clients’ data. However we specially stress the responsibility of each of our associates. This is for example done by creating awareness about “strong” passwords or the importance of always adopting a “responsible” behavior when reading e-mails.

And tomorrow?

As surgeries are already performed from distance, first autonomous cars hit the roads and that some pacemakers are connected, do we need to live in a Faraday cage? Of course not, but the emerging of these risks, becoming more and more important, the subject of cybersecurity is pushing to the front and will definitely be part of all strategies in the years to come.