Sharing-economy apps are perfect targets for DDoS attacks

Image credit: Profit_Image/Shutterstock

While Western apps such as Uber and Airbnb are the leaders in the sharing economy, business opportunities in Asia for sharing apps are also thriving. With the sheer size of its population, constantly evolving work landscapes and rapid growth in mobile technology, Asia has now become a true hotbed for the sharing economy. According to a Nielsen survey, 81% of Asia-Pacific consumers are more likely to engage with sharing-economy businesses, which is well ahead of the global average of 66%.

Grab, a leading ride-hailing platform that competes with Uber in Southeast Asia, is a good example of this promising growth of sharing-economy companies in the region. Having over 50 million downloads from users and 1.1 million drivers on its platform across 36 cities in Southeast Asia, the company has recently pulled $2 billion from existing investors Didi and Softbank, affirming that the local app company has what it takes to defeat Uber and establish leadership in Southeast Asia’s sharing economy.

Aa a dynamic playground for mobile apps, the sharing economy has nestled itself into almost every corner in Asia-Pacific, especially in the digitally connected society of Hong Kong, where statistics show 53% of Hong Kong locals have installed at least 21 apps on their mobile. According to a study conducted by Hong Kong Internet Registration Corporation Limited (HKIRC) covering 1,500 Internet users in Hong Kong, nearly 30% of respondents said they have taken part in sharing activities – of that number, 80% are consumers.

Alongside the international players, local start-ups have also begun to gain traction in Hong Kong. With ambitions to be the “Uber of Delivery” in Asia, GoGoVan was founded in 2013, using an app to connect van drivers with customers who need deliveries. With more than 10,000 registered drivers and over 20,000 transactions per day, GoGoVan has become the largest fleet in the city.

Success stories like this are testament to the prowess of the sharing economy. But our increasing reliance on apps is also our downfall. Consumers today willingly offer personal information to shave off precious minutes of waiting time. This is great … until they realize that the sharing economy also means an entire interconnected ecosystem of authenticated devices and data – a perfect target for cybercriminals to launch a DDoS attack.

DDoS attacks have been around for ages, but they caught the world’s attention last year with the Mirai botnet, which crippled the Internet and brought down sites such as Amazon, Github, PayPal, Reddit and Twitter. If one DDoS attack can easily take out large big-name websites, one can only imagine the havoc caused when apps such as Uber, oBike and Seekmi – apps that some depend on daily – are made unavailable.

The benefits that the sharing economy brings to improving one’s standards of living are endless, but sharing-economy apps achieve that intelligence by collecting customers’ personal information – such as gender, age, interests and even credit card details – and uploading it to the cloud for data analysis and service improvements.

When enterprises face the unexpected wrath of a DDoS attack, they lose revenue in reduced web traffic and bear the high costs of remediation. More importantly, customers who once trusted that enterprise are likely to view the organization as unreliable.

With the vast amount of data flowing through the sharing economy, these apps are now a prime target for malicious actors to paralyze services for ransom – or worse, to unleash a DDoS attack as a distraction to exploit users’ personal data.

Now more than ever, businesses need to strengthen their stance against DDoS, starting with cultivating a culture of awareness.

Cybersecurity is slowly but surely becoming a priority for many organizations, especially in the wake of Mirai, WannaCry and Petya. Yet IT continues to struggle to gain a foothold in boardroom discussions and drive the point that a proactive cybersecurity strategy is a necessary investment and much more preferable to dealing with the aftermath of DDoS attacks. A Ponemon Report on APAC app security found that only 17% of a given IT security budget is dedicated to app security.

The only real change enterprises have to make is recognizing that they have to carry great losses that extend beyond the monetary when a security breach happens, and that such a breach could happen at any time.

With the right mindset to security comes the right steps. Enterprises should bear in mind that security monitoring and observation are imperative. From prioritizing what needs protection to ensuring your IT program timely and effectively identifies security breaches, every step counts towards a safer future for a business.

Enterprises should also carry out active measures to protect both end users and businesses to better defend their systems against DDoS, starting with digital hygiene practices. This can range from changing passwords every six months to conducting regular patching exercises.

Lastly, enterprises should adopt a cybersecurity infrastructure that creates ongoing conversations across all business units and functions. This will ensure a varied and multifaceted opinion in identifying the critical vulnerabilities in security and building towards a more robust secure strategy in an enterprise.

billy chuang F5Written by Billy Chuang, Senior Manager of Field System Engineering at F5 Networks Hong Kong

Be the first to comment

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.