The Real Threat to IoT Cybersecurity is Poor Planning, Findings from Dyn DDoS Attacks

IoT cybersecurity report shows Dyn DDoS attacks were cause by poor planning

The Internet of Things, or IoT, has brought us many benefits as consumers. Along with those benefits, however, the growth of IoT has also brought greater cybersecurity risks. in a recently published white paper on IoT cybersecurity from Arbor Cloud, the security division of NETSCOUT and a leading provider of DDoS protection in enterprise, mobile and carrier market segments.

The report, called IoT DDoS Attacks Show The Stakes Have Changed, also containing research from Forrester, retells the story of the massive DDoS attack on Dyn, a little-known company whose name was suddenly on everyone’s lips as of October 21, 2016.

What the entire report suggests is that poor planning was the real reason behind the massive Internet outage that hit the United States that day. Moreover, it brought to the forefront many considerations that will soon become standard practice for IoT security.

First of all, as consumers, we need to realize that this is a very real threat. The fact that Twitter and Reddit were down for about two hours that day might not have a direct impact on your life. But the fact that it was somebody’s webcam, somebody’s smartphone or other connected device that was responsible for the outage brings the problem right into our homes.

Second, the Dyn attack exposed major flaws at the basic decision-making level that shouldn’t have been there to begin with. This is what Forrester’s Jeff Pollard, Joseph Blankenship and Andras Cser say about the attack:

“In the span of an 11-hour period, the fragility of ubiquitous connectivity was on display. Many of the businesses affected by the attack were unable to recover because they had introduced a single point of failure in their services by relying on a single primary authoritative DNS provider, lacking a secondary authoritative DNS provider.”

And what was the extent of the disruptions? The report continues:

“Major digital brands suffered disruptions. Internet-dependent businesses like Etsy, PayPal, and Spotify, among others, experienced major disruptions. Enterprise email was down (Microsoft), software development paused (GitHub), numerous line of business apps were unavailable (Okta), advertising revenue wasn’t generated (Reddit/Twitter), and in a twist of irony, outage monitoring services went down, too (PagerDuty).”




It’s scary to think something like this can bring life to a screeching halt, even if it’s just a couple of hours.

Botnet attacks aren’t new, but they certainly aren’t going out of fashion. As more Internet of Things connected devices go online, their threat will continue to grow. There might not be much we can do on a large scale as consumers, but we can most definitely improve our cybersecurity habits, even if it’s as simple an act as using unique and complex passwords for our online accounts.

The findings from the Dyn DDoS attacks, as well as other cybersecurity breaches such as the massive Yahoo hacks from several years ago that came to light last year, teach us one very valuable lesson: that the weakest link in the cybersecurity chain is usually the end user; or, in the case of IoT systems, the implementer and the end user.



Thanks for reading our work! Please bookmark 1redDrop.com to keep tabs on the hottest, most happening tech and business news from around the world. On Apple News, please favorite the 1redDrop channel to get us in your news feed.