Lessons learned for small businesses on cyberattack against Dyn
At least 3 distributed denial-of-service (DDoS) attack waves hit Dyn, an internet infrastructure company on Friday, 10/21/16. The apparent cause was malware called Mirai that spread to hundreds of thousands of Internet of Things (IoT) such as DVRs and webcams. The malware allowed these devices to act as botnets which generate thousands of nonsense messages trying to process at once. Think of Los Angeles rush hour traffic on the internet. The excessive attempted messages forced servers and therefore websites inoperable. The monumental log jam stopped internet traffic to well-known sites such as PayPal and Twitter as well as retail sites and others. Cybersecurity experts think this may be the largest attack of this kind to date. The malware Mirai was posted on the dark web earlier this month. The likelihood of future such attacks is very possible.
What small businesses can do
More such attacks are probable and small businesses can be impacted even if they are not the initial attack victim. Some safe guard action to consider include the following.
Have redundant web services
If website service is mission critical for your business, you should have a second site registered through a different registrar. You should have a full back up of your website content that you can quickly load to the second website domain. Businesses should discuss with their web developer how frequently the developer backs up the content and ensure a copy is stored in a secondary, safe location.
Have a redundant email service in standby mode
Purchase a backup domain name and contract with a cyber safe email provider for email service that you can quickly expand to key personnel in a disaster.
Have a business continuity plan
Businesses often have a plan in case they have a fire or other disaster. Businesses should have a similar business continuity plan for when their website is inoperable for hours or days. Small businesses may need to have extra phone service so sales people can call their customers and take old fashion phone orders, for example.
Depending on how your customers and suppliers use your site, you need to think of alternatives so you can keep your business moving.
If you manufacture Internet of Things devices
Be proactive and talk with a cyber security expert to plan how you will integrate cyber safety into your device. There is growing conversation about the need for an Underwriters Laboratories (UL) type testing and certification program for Internet of Things devices.
Work with your trade association to make cyber safe IoT devices a key topic for discussion. Business people talk about making America great; businesses can take a lead to make a primary business tool, the internet and IoT devices, safer for themselves and their customers.
Check your IoT devices on your network
Businesses can help protect themselves by checking all devices connected to the internet to ensure they are not infected with malware. Make sure devices do not have factory installed passwords, for example. Consider disconnecting devices when they are not in use. Talk with your cyber security expert on how to reduce your chances of your devices being infected and being taken over as a botnet.
About the Author
Carolyn Schrader is a seasoned cybersecurity professional and founder of the Cyber Security Group Inc., providing corporate cybersecurity services to high profile clients.