On October 21st, a huge portion of the internet failed due to a large scale cyberattack. The target, DNS provider Dyn, covered popular services such as Paypal, Netflix, and Twitter. According to analysts, attackers used a huge botnet to perform a Distributed Denial of Service (DDoS) attack of 1.2 terabits per second.
A DDoS attack essentially floods a network with thousands of false requests, causing it to crumple under the pressure. The tactic is nothing new, but according to Microsoft Cybersecurity expert Paul Nicholas, it marks a turning point.
“We have never been as exposed to cyberattacks“ says Nicholas, “and because [of] technology's pervasiveness in our lives, the possible consequences of attacks, such as the one that occurred last month, are going to be more widespread and troublesome than in the past.”
Nicholas' major concern about the attack is its size – the biggest attack in history. Perhaps scarier, however, is the range of everyday devices used.
Attacks came from the Miral malware, which has infected printers, cameras, baby monitors and more.
We are getting ever closer to a world in which no device is secure, and Nicholas believes this should signal a shift in policy:
“Security professionals have long accepted that no interconnected system will ever be 100% secure, and that there will soon come a time when even the fundamental underpinnings of the Internet itself could be put at genuine risk of failure due to cyberattacks,” he says. “If this is the case, should the resources we put into preventing successful cyberattacks be matched by our preparations for handling a successful attack's consequences?”
Nicholas is calling for a global shift to what he calls ‘cyber-resilience'. He calls for backup systems that will implement if the worst happens.
“The reality is that cyberattacks are not zero sum games where a breach means unavoidable system failure,” he says. “With complex technologies there will be as many ways of working around an attack, as there are ways of carrying it out. Investing in cyber-resilience will make this practicable.”
Despite technological advancement, the change requires as culture shift just as much as a resource one. Nicholas says that organizations need “forward-looking, outcome-oriented goals with clear accountability.” They also need to create an environment in which creativity can foster in managerial, operational and technological roles.
Ultimately, things need to change to keep the internet we love secure. We need further investment in research and education about cyber-resilience and further identification of best practices.
“For now, cybersecurity gets more headlines than resilience amongst political and business leaders,” says Nicholas. “But one without the other will never be enough to secure our societies and economies.”