DDoS or distributed denial of service attacks are increasingly in the news spotlight — from high-profile breaches like Talk Talk, to the arrest of two teenagers responsible for DDoS for hire services. The reason is that DDoS attacks are on the rise and are targeting organisations of every size in every industry — in fact, according to Cisco, in 2015 these attacks rose by 25 per cent from the year before.
Historically it was businesses in finance or banking that were targeted by cyber criminals, but today everyone is at risk because organisations simply can’t afford the risk of downtime. This makes financially-motivated attackers bolder, something that’s clearly demonstrated by a PwC report revealing 90 per cent of large organisations and 74 per cent of small businesses suffered a breach in 2015, up 81 per cent and 60 per cent, respectively, from the year before. Just what is DDoS?
Simply put, a DDoS event is a large volumetric attack that overwhelms standard firewalls and mitigation appliances almost immediately. Attackers use any means necessary — botnets and cloud resources — to send waves upon waves of traffic to a specific website or network. The target servers can’t cope with this influx and fails.
Simple in principle, tough to mitigate
While the principle of DDoS is fairly simple mitigation tactics are not so. In fact, the attacks (and attackers) are evolving so rapidly that protection mechanisms just can’t keep up. But there is good news; in the last few months awareness of DDoS has increased and, as a result, businesses are softening towards investing in bolstering their protection.
If a company isn’t large enough to have intellectual property, customer data or financial records worth stealing, then the threat of continued disruption and downtime is often enough to get a ransom paid. Of course in some cases ransom is the sole motivation — businesses, like service providers, are told to pay up or face the consequences of having their services being unavailable. This affects not only their operations, but quite often those of their customers too.
Looking at the consequences of unexplained and extended downtime, it’s easy to see that it’s not just the short-term bottom line that is affected. Brand reputation suffers, deals can be lost and customer loyalty is one of the most difficult things to win back.
So as an organisation, what should you be doing to protect yourself and prepare for the inevitable? The next obvious question is: can I do it myself? The answer is no, not unless you are a tier one organisation with the budget and resource (and network capacity) to switch bandwidth and redirect traffic during an attack. On the other hand, DDoS protection isn’t something that you should be completely outsourcing either. Rather, work with your service provider to make sure you’ve got the right cover, in the right places.
Apart from having the right network intrusion and firewall solutions in place, you should evaluate your current and/or future service provider. This is particularly important if you’re in e-commerce or host your business critical data and systems in the cloud. While your organisation could be targeted directly, there is also the danger that you could be affected indirectly if your service provider or one of its customers is attacked.
Typically, you should look at three areas when evaluating your service provider: assessment, mitigation and continual protection. This is essential as an overall approach, but there are also specifics within this that you should also consider.
Assess — DDoS attack readiness
Working with your service provider you should examine your business processes and identify which areas are most at risk. In this way a customised risk profile can be developed. Typically your service provider should have a dedicated team of security specialists or professional services staff who have the expertise to carry this out.
Once your organisation has been assessed, they can then develop a mitigation plan and suggest the appropriate enhancements to IT security, as well as help guide risk-reduction planning. Importantly, this step enables you to understand exactly what your DDoS attack readiness status is.
Mitigate — minimise the impact
Proper DDoS protection is about reducing the impact of an attack — because no security solution is 100 per cent effective. As a result, working with a provider that has the capacity to guide you through an attack and help you mitigate the risk is essential. Does your provider have the technology and expertise to detect (proactively identify a threat), mitigate (minimise the effects of an attack), and monitor (keep an eye on your network on a continuous basis)?
This could very well be part of automated approach — using techniques like scrubbing and blackholing — that removes “bad” traffic or re-routes all of it, effectively taking your site offline.
DDoS mitigation isn’t a one-off activity. The very nature of DDoS and the way in which attacks are evolving and adapting to the security landscape means that your protection strategy needs to change, too. In fact, your service provider should be working with you to ensure that your strategy is adapting and evolving, not only to the changing threat profile, but also according to changes that are occurring in your business, whether that’s implementing new infrastructure or business processes, or expanding into new markets.
The key thing to remember about DDoS is that no-one is immune. That’s not scaremongering; it’s a fact backed up a number of high profile attacks and research, such as findings by Neustar that shows in 2015 73 per cent of global brands experienced a DDoS attack. As a business you need to do what you can to keep your brand and bottom line safe. And you also need to recognise that you can’t do it all yourself — it’s here that your relationship with your service provider can really help ensure you don’t fall victim to DDoS and if you do, that the impact is low.
Russel Ridgley, head of cloud services at Pulsant
Photo Credit: Duc Dao / Shutterstock