Every year, the World Economic Forum’s Global Risks Report identifies and analyzes the planet’s most pressing risks. This year’s report, published on January 17, includes a survey in which almost 1,000 experts and decision-makers rank the top 10 risks according to likelihood and impact. Cyberattacks were ranked third in terms of likelihood and sixth in terms of impact.
To understand why, let’s return to October 2016 when a massive distributed denial of service (DDoS) cyberattack effectively crippled the internet by targeting servers belonging to Dyn – a company that controls much of the internet’s domain name system (DNS) infrastructure. Like most large DDoS attacks, this one was perpetrated using a botnet – a network of devices infected with malware – to bombard servers with traffic until they collapsed under the strain.
What made this attack unusual was the type of infected devices used to orchestrate it. These were not personal computers, as has mostly been the case in the past – instead they were Internet of Things (IoT) devices such as IP cameras and home routers. Dyn estimates that as many as 100,000 of these compromised devices were used in an attack that was twice as powerful as any seen before.
According to Ericsson estimates, there will be approximately 18 billion IoT devices by 2022 and, worryingly, many of these devices are assumed to be vulnerable to attack. This massive number of easily compromised devices significantly increases the likelihood of future botnet attacks. Indeed, the ease with which such attacks can now be perpetrated is illustrated by the fact Kaspersky believes they can be launched for a cost not exceeding USD 4 per hour for the first hour and just USD 0.325 per hour for subsequent hours.
This low cost of entry contrasts starkly with the damage that can potentially be caused. A global cyberattack could cause USD 121.4 billion of economic losses, Lloyd’s of London estimated in July 2017.
Ericsson leverages its experience gained from securely managing over 300 networks worldwide, and unique sources of threat intelligence, to provide a complete portfolio of security services optimized for future IoT environments and 5G networks. Delivered via our managed security portal, our services cover the entire lifecycle from identification through protection, detection, response, and recovery – in accordance with the US National Institute of Standards and Technology’s cybersecurity framework.
In addition to following best practices, we use the best tools for the job – sourced from leading cybersecurity vendors such as McAfee, Splunk, Cisco, Fortinet, Infoblox, Juniper and Palo Alto Networks, among others.
In a scenario such as the one illustrated in the accompanying video, in which Ericsson detects an attack on a service provider connected to one of our 5G networks, our team of security experts will immediately start working on a cure and deploying advanced sandboxing tools. Within hours, over-the-air updates are sent to the affected network to restore normal operation. Automation and machine learning ensure that lessons are learned so that similar attacks can be either avoided or, at worst, dealt with more quickly in the future.
Learn more about Ericsson’s Managed Security Services.