Distributed Denial of Service (DDoS) attacks are increasing in frequency, with the UK in particular having suffered numerous incidents over the past few weeks; the BBC being one such victim, writes Keith Tilley, EVP, Global Sales & Customer Services Management, Sungard Availability Services.
While not the most sophisticated form of cyber-threat, DDoS attacks can bring an organisation to its knees all the same by literally throwing as much traffic at a business in order to flood its bandwidth. DDoS attacks succeed by disabling an organisation’s website – which, in a world where customers demand 24/7 service, can be disastrous. Essentially, every business with an online presence is at risk – and in 2016 you’d be hard pressed to find an organisation that this does not apply to.
As a modern business, your website is your virtual shop front, and to say that downtime in online services will be detrimental to your bottom line is something of an understatement. Think of the lost sales, the damage to customer trust, and the subsequent loss of reputation. To put the threat into context, recent research by the Ponemon Institute found that the cost of just a single minute’s downtime for general businesses could reach up to $8000 (£5719) – and given that the average DDoS attack lasts for 86 minutes, the cost is likely to hit over £491,830 – around eighteen times the average employee salary in the UK.
Nightmare for modern CSO
The rise of this threat has created yet another headache for the Chief Security Officer (CSO). While an organisation may have taken all the necessary precautions against other security risks such as cyber-attacks or malicious hacking, a DDoS attack could render all these precautions irrelevant. It is especially worrying that while DDoS attacks were initially the work of amateurs, an increasing number of criminal organisations are launching these attacks as a smokescreen for a more sinister cyber-attack or for ransom. To illustrate this point, picture your organisation as a fortress. To protect this fortress you had to build a moat, hired an army to stand on guard, and placed canons along the parameter. However, despite all these measures someone simply parachutes into this fortress from above, and disables everything from the inside. A DDoS attack works much like this paratrooper: simple, unsophisticated, yet able to deal out substantial damage.
The news may be full of the high profile names affected by DDoS attacks – from the BBC to online casinos – but what does not come across in the headlines is the sheer volume. The latest news reports state there are now some 7,000 DDoS attacks every day, and with no clear correlation between victims, any business could be next.
Preparation
As potentially devastating as DDoS attacks can be, there is no quick fix solution available to help organisations against this particular threat. The only real answer is to seek the help of a partner with extensive DDoS and attack-mitigation expertise. Defence against these types of attacks are extremely difficult to do on the fly. It is quicker and far more effective to proactively implement defensive measures in readiness, rather than wait until you are under attack. The longer a partner has to get to know the ins and outs of your online systems, the more comprehensive and tailored the protection and defence plan will be.
With an increasingly complex security landscape to navigate, and dwindling budgets, it is easy to understand how protection against such risks may fall to the bottom of the priority list. However, UK businesses need to take a step back and ask themselves: How much is my online presence actually worth? And what lengths would I go to in order to protect it? There is no doubt, answering these questions will help spur organisations into action.
