We are, increasingly, a global online society living and interacting in a borderless digital world. As a consequence the threats we face as both businesses and consumers are also increasingly online and digital.
Since the beginning of the consumer Internet (in the form of the World Wide Web and the Netscape graphical browser) in 1995, more and more of business and individual’s life has an “online” component. Today, globally, one in two people (around 3.5 billion) have an online presence, often (and increasingly) via a mobile device and a wireless network , and thus create both a constantly broadening online identity (perhaps several) and a constantly elongating online history. In the USA, it’s estimated that over 287 million consumers (roughly 87% of the population) use the Internet and more than two-thirds of these people (191 million) transact online to some extent . Over 120 million use a mobile device for some form of commerce.
Over the next decade, many more people and much more “things” will go online and many more activities will be implemented or augmented via digital capabilities. Unlike in the physical world, all online activity leaves traces, whether or not an individual is aware of it, and this “Digital Footprint ” grows both in “space” as users do more kinds of things online and time as the do these things more often. This data increasingly powers the products and services that business bring to market.
All this works because we can connect together information, products, services, customers, and payments in the vast network of the Internet. But suppose those connections fail – not because of a physical fault or break in the network, but because of one of many possible denial of service attacks.
Over the past year, we have seen both more, more intense and more types of these kinds of disruptions. Original denial of service focused on flooding a target website or business with spurious traffic – overloading the network technology at the perimeter of the business and effectively preventing legitimate traffic from getting through. This is still happening, but businesses have become better at mitigation (still far from easy to do well in the face of the massive scale of some attacks) and attackers have shifted to two new vectors:
- Attack the portfolio of services that underpin the operation of the Internet, especially the service that translates the familiar target website names (www.amazon.com for example) into an address that the network technology uses to actually identify and find a route to the target. The Domain Name System (DNS) service is an essential capability in making Internet-based connections work and if it’s overwhelmed (as was the case in the recent attack on the DYN DNS service provider) nothing else works. Mitigations are possible if just one DNS service is attacked, but suppose several or all of them are?
- Attack the user’s local network or access device. A recent denial of service attack in Europe effectively knocked nearly a million consumers offline by crashing their home routers – even routers provided by their Internet Service Providers. These devices are essential if you have more than one device to connect to the Internet or if you want to connect wirelessly, but they are notoriously poorly protected from takeover attempts. And there are hundreds of millions of them installed around the world.
And a recently discovered exploit enables a remote attacker to crash a user’s smartphone, requiring a “hard” reboot of the device, which can take a couple of minutes. Not a disaster, unless you’re in a hurry or in the middle of something important. I’m pretty sure this will get fixed quickly, but who knows how many more such exploits will be developed?
So our increasingly digital world is built on less than completely reliable foundations. Less than complete reliability could generate a lot of frustration and shift business to other channels. Proceed with caution.
- There are approximately 260 million wireless networks in the world today up by a factor of 13 in the past 6 years
- According to the Pew Research Center, 87 percent of American adults use the internet and spend an average of 6.2 hours online every day. Roughly 76 percent of Americans report having a social media account, and most consume news through social media outlets.