Akamai Technologies' Tom Ruff explains three emerging threats that could be significant for startups, SMBs, enterprises, and governments, and what organizations can do to mitigate them.
Tom Ruff, vice president of public sector for Akamai Technologies, explained how hackers infiltrate critical infrastructure to TechRepublic's and ZDNet's Dan Patterson.
Dan Patterson: I wonder if you can help us understand, Akamai's business is so huge, how do we quantify the data business, and the role Akamai plays in servicing governments and businesses whether they're SMB, startups, or enterprise companies?
Tom Ruff: Sure. Akamai, if you're not familiar is a very unique solution. We are an accelerator and actually a technology that helps secure internet transactions. Our customers are really who's who and almost any vertical out there so that would include 14 of the 15 cabinet level agencies, that would include the top media and entertainment companies, financial institutions, ecommerce companies, the list goes on and on.
The reason why those verticals have chosen Akamai is because we have a widely distributed, very intelligent technology that overlays this thing called the internet. Overlays it to the point that we're in 1,700 of the most relevant networks that make up the internet, we're in 2,300 locations, we're in 120 plus countries around the world. In other words we've got an overlay technology to the Internet that is no more than one network hop away from 90% of the internet users in the world. It could be citizens accessing payroll information commercially, it could be citizens that's going after tax information or new legislation, or citizens or consumers that are going to eCommerce sites or looking at streaming media over the Internet.
Akamai has a fairly strong presence within almost any vertical and given our reach across the internet we actually see a lot of things that we can actually take control of on behalf of our customers and be able to understand the traffic patterns, understand what kind of devices as well as what applications individuals might be going to, but just as important it's an advantage in that given the fact that we're so close to the end user, again 90% of the internet users in the world, we can actually invoke through our intelligence and big machine learning and big data the ability to be able to ward off and mitigate the vast majority of web threats out at the edge as opposed to in our customers data centers so we have a unique advantage because of our distribution and visibility into traffic data and consumer oriented traffic patterns to be able to ward off threats at the edge as opposed to close by the data center.
Patterson: Yeah Tom, it is almost impossible to overstate Akamai's influence and like you said, vision, into how the internet is evolving. I wonder if you can help us contextualize some of the threats that you see from a macro prospective. When you analyze data and you look at traffic flow patterns, what threats are emerging now that could be new or significant?
SEE: Internet of Things policy (Tech Pro Research)
Ruff: We continue to see threats, really SQL injections, as the number one threat vector that we see and it's a shame because a lot of that threat could be taken away by simple enterprise hygiene, multi-factor authentication would be one. Being able to do an application assessment in terms of what data's really valuable and making sure that that is protected over if data was breached, and it will be breached, it would not have an impact to the mission of the government or to the business of the commercial enterprise.
We're also seeing new technologies, the internet of things though it has many wonderful capabilities that would help mankind it also has been determined that it can be weaponized and what I mean by that is you could take a look at the attack about a year ago on DYN which is DNS which is critical infrastructure for web infrastructure. If you take down your DNS you're dead from an operational prospective. The fact is that the bad guys who are getting smarter everyday figured out a way how to hack into over a million IoT devices, in this case cameras, and basically weaponize them to turn those devices into traffic towards DNS infrastructure which took it down and took down some large cloud providers, took down some big enterprises because DNS is so critical to the infrastructure.
We're starting to see new trends in terms of IoT devices becoming weaponized, DNS infrastructure hasn't been seen as a target three or four years ago, but now has been seen as a ripe target. Then you can take a look at not only application injection and SQL injections but DDoS. DDoS has been around for years and it used to be a 50 gig attack could take down an average infrastructure that has a 10 terabit pipe coming in but now we're seeing attacks a quarter of a gig all the way up to a terabyte of attack traffic like we saw in Dyn and quite honestly Akamai saw a 1.2 terabyte attack just two months ago and we were able to defend and keep our customers up and running.
DDoS has become important, not necessarily the number of DDoS attacks so we're seeing those go down, but the size of the DDoS attacks are now enormous compared to what we were seeing years ago. Sometimes DDoS is done by either nation states or activists or organized crime just to try to take somebody down or to try to communicate a way of doing a ransomware like we see in SQL injections, but they're also seen as a way to guise a backdoor attack so as everybody's scrambling around to address the DDoS there's probably a SQL injection so we're starting to see multi vector attacks at the same time where the troops run to the left and meanwhile the bad guys are coming into the right.
SEE: The Power of IoT and Big Data (Tech Pro Research)
We're seeing a wide variety of attacks and quite honestly in the last two weeks, actually in the last week we've seen local communities and cities like Baltimore City just had it's 911 capabilities hacked into so they had to go to a manual audio answer versus technology. We saw in Atlanta most of the citizens services that the government provides being taken down by activists that now have ransomware for $51,000 we'll turn your citizen services back on. The landscape, the number of vectors continues to change and it seems to be a very ripe target because the chances of getting caught or the penalty of getting caught is much less than the way crimes were committed in the past.
Patterson: Tom, there's a lot to unpack there that's incredibly important, particularly what you mentioned about the rise of the Internet of Things, coupled with the rise of data and artificial intelligence that of course has ramifications in super massive DDoS amplifications attacks like you mentioned and the injection attacks that can often obfuscate or work as a multi vector attack.
Let's stay on the internet of things, we have data that says there will be 20 to 50 billion devices in the market over the next 10 years, it's a size that's almost impossible to comprehend but what does this mean for security, for data security, and for harnessing those devices to produce a tax like you mentioned, like Dyn and other amplification attacks?
Ruff: Sure, so it's of such interest, that the government is now taking a hard look at IoT devices and actually taking a look at potentially regulating devices as they come into the states which I believe would be very smart because your average IoT device manufacturer is a consumer play. The difference between a camera, in-home nanny camera, that sells for $99, versus one that might have an additional $10 tax on it, to ensure security at $109 could be a huge swing in terms of market share. There aren't any huge incentives for manufacturers to be able to really invoke some additional security because it is a price-point game, $5 dollars or $10 shift here-and-there could really impact market share.
I believe it's going to be up to countries, and I believe it's going to be up to the U.S. government to take a look at, and they're already kicking around legislation, that would require that these devices have some form of security on them that would allow them to do their job as opposed to be able to weaponize the devices and go after critical infrastructure or go after ecommerce. I believe it's going to be a combination of both industry and manufacturers making some adjustments but it might need some assistance from governments in order to make sure that that does happen.
- Why human vulnerabilities are more dangerous to your business than software flaws (TechRepublic)
- Top 5: Ways employees create security headaches for their companies (TechRepublic)
- How to build security into your company's IoT plan (TechRepublic)
- The Internet of Things: 10 types of enterprise deployments (ZDNet)
- Special report: Cybersecurity in an IoT and mobile world (free PDF) (TechRepublic)