DDoS attacks can devastate a company financially
- Loss of sales opportunities
- Long term brand damage
- Diverting resources from business-critical projects
DDoS can take an IT department’s reputation offline too
- Attacks are more frequent and more intense
- Current levels of DDoS protection are inadequate
- Downtime could undermine the IT team’s reputation
Any business could suffer a DDoS attack
- All industries are vulnerable
- Attacks are more frequent and more intense
- Too many businesses don’t recognise this threat until it’s too late
DDoS – think it’ll never happen to you?
“It’ll never happen to me” is a well-worn cliché for foolhardy overconfidence. And it applies to enterprise cybersecurity, specifically to preparing for DDoS attacks. Our survey of more than 300 UK and DACH organisations found that the overwhelming majority — 83% — believe they are adequately prepared to withstand an attack.
However, 54% of businesses have suffered at least one successful DDoS attack in the last year, with the average victim suffering three attacks over this period. How prepared businesses think they are, and how prepared they actually are, just don’t match up.
Is your business prepared for a DDoS attack, or is it overconfident and underprepared? Download our report, DDoS Overconfidence and Underpreparedness, to decide if investment has left you complacent.
Investment in DDoS protection is up — but so is complacency
Our research shows businesses are investing more in DDoS mitigation than ever before. 49% have invested for the first time in stopping these attacks, and nearly two-thirds plan to invest more than they already have.
This increase in spending is, understandably, leading to increased confidence in DDoS prevention. But the numbers tell a different story — successful attacks are on the rise and investment isn’t keeping up.
Read our full report into DDoS attacks and prevention to understand why confidence in DDoS prevention is misplaced.
Most DDoS attacks are not random
There remains an idea that many hackers pick their victims at random, attacking systems and bringing down websites just for the simple thrill of it all. But cyber criminals are increasingly professional, picking their targets to find the most vulnerable and making money from ransoms paid by their victims. 60% of businesses that have suffered a DDoS attack believe they were targeted and not chosen at random.
Blackmail, hate crime and ideological conflicts are blamed by businesses as being behind DDoS attacks, but the most common assumption is that these are malicious attacks by competitors. Random targeting and “self-inflicted” DDoS (bugs and errors causing overwhelming data traffic) do happen, but the overwhelming majority of businesses point to attacks having specific, deliberate motives.
Can you be confident in your DDoS protection?
83% of UK and DACH businesses describe themselves as either confident or very confident, both in their current DDoS mitigation arrangements, and also with how resilient they will be in two years’ time.
Yet 86% confirm they have suffered a DDoS attack in the last 12 months, with an average of six attacks every year. A staggering 8% had detected more than 50 DDoS attacks in this time. The growth in both frequency and severity of DDoS attacks means this will only get worse.
Speak to us to decide if you’re right to be confident in your own DDoS mitigation, or if changes are needed.
What is a DDoS attack?
A denial of service attack occurs when web infrastructure, usually one or more servers, becomes so overwhelmed with malicious traffic that it utilises all its resources and can no longer respond to legitimate website users. A distributed denial of service attack amplifies this scenario by launching an attack from multiple computers distributed across the internet. Most large-scale DDoS attacks use botnets – computers with breached security that are being controlled and manipulated by the perpetrators of the attack.
The perpetrators instruct all computers in the botnet to send fake or malicious traffic to the targeted organisation’s web servers, overwhelming them with traffic and rendering them incapable of serving legitimate users. DDoS attacks have become prevalent for three simple reasons – they are cheap, simple to create, and effective.
Here are five keys to mitigate a DDoS attack
The first step is to perform a vulnerability test to identify where the gaps lie in your system and network defences, and how easily they could be exploited. This will entail an extensive review of your network’s strengths and weaknesses, and whether your DDoS mitigation is fit for purpose.
This analysis should also include penetration testing (also known as an IT Health Check or a “pentest”). This will simulate an attack on the vulnerabilities from within and outside the network and determine if unauthorised access can be made to data. While this may not seem pertinent to DDoS, the findings above showed 13% of respondents believed that the DDoS attack(s) they suffered were a deliberate distraction away from other malicious events, such as direct network hacks. So if your network is vulnerable to traditional hacks where data can be stolen, in addition to being vulnerable to a distracting DDoS attack, you are a prime target.
The testing stage will show you where the vulnerabilities are, but choosing the correct solution then takes further examination. DDoS exposures are often complex, so identifying the root cause of the problem, and therefore the most appropriate fix, is equally complex.
For example, a Web Application Firewall (WAF) will analyse traffic on the edge before it reaches the network and only allow genuine traffic to reach the origin. Another solution may be to use a whitelist of allowable inbound traffic rather than a blacklist of unacceptable input. Others include ensuring proper error handling, or not using unencrypted communications or authentication.
Resources such as the Open Web Application Security Project (OWASP) can help, however. OWASP ranks the top 10 most critical web application security risks by ease of exploitation, prevalence, detectability and impact. OWASP also includes a section on how to tell if you are vulnerable and how to prevent the attack. By combining this intel with advice from your security partner, you will quickly shore up your defences.
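The whitelist-versus-blacklist point above, as an added example that is not part of the original article: the same constructed requests are checked by a blacklist of known-bad patterns and by a whitelist of what the application actually serves. The routes, parameter rules and sample requests are hypothetical.

```python
import re

# Blacklist: reject input matching known-bad patterns (illustrative patterns only).
BLACKLIST = [re.compile(p, re.I) for p in (r"<script", r"\.\./", r"union\s+select")]

# Whitelist: only these method/path pairs and parameter formats are served.
# Hypothetical application routes, assumed for this example.
WHITELIST = {
    ("GET", "/products"): {"id": re.compile(r"\d{1,8}"),
                           "sort": re.compile(r"price|name")},
    ("GET", "/search"): {"q": re.compile(r"[\w ]{1,64}")},
}

def blacklist_allows(method, path, params):
    """Allow anything that does not match a known-bad pattern."""
    raw = path + "?" + "&".join(f"{k}={v}" for k, v in params.items())
    return not any(p.search(raw) for p in BLACKLIST)

def whitelist_allows(method, path, params):
    """Allow only known routes whose parameters match their declared format."""
    spec = WHITELIST.get((method, path))
    if spec is None:
        return False                      # unknown route or method
    for name, value in params.items():
        rule = spec.get(name)
        if rule is None or not rule.fullmatch(value):
            return False                  # unknown parameter or bad format/length
    return True

# Constructed sample requests: (label, method, path, params)
SAMPLES = [
    ("normal product view", "GET", "/products", {"id": "42", "sort": "price"}),
    ("unpublished endpoint", "POST", "/admin/debug", {}),
    ("oversized search term", "GET", "/search", {"q": "a" * 5000}),
    ("unexpected parameter", "GET", "/products", {"id": "42", "debug": "1"}),
    ("known-bad pattern", "GET", "/search", {"q": "<script>"}),
]

def compare(samples=SAMPLES):
    """Return {label: (blacklist_verdict, whitelist_verdict)} for each request."""
    return {label: (blacklist_allows(m, p, q), whitelist_allows(m, p, q))
            for label, m, p, q in samples}

if __name__ == "__main__":
    for label, (bl, wl) in compare().items():
        print(f"{label:24} blacklist={'allow' if bl else 'block'} "
              f"whitelist={'allow' if wl else 'block'}")
```

The blacklist passes every request it has no pattern for, including the oversized query that would reach the origin; the whitelist passes only the first request.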
The data above has shown that those who have not yet been hit by a successful attack underestimate their likely severity. Regardless of presumed strength and resilience, business continuity should therefore be a key part of any DDoS planning. Again, the data showed only too well the very real possibility of catastrophic financial, legal, regulatory, and/or brand reputation effects.
Aside from the technical requirements of duplicating information and ensuring that recovery time objectives and recovery point objectives (RTOs and RPOs) match your business needs, there are also multiple procedural requirements. The immediate checklist is to identify your crisis team for when an emergency occurs, including who can be reached at any time within your security partner(s), how they are contacted, who is responsible for what, and who needs to be informed internally and externally.
It should be noted, however, that many companies devise a communications plan but fail to appreciate that some of their usual mechanisms for contacting people will be down in the event of a serious DDoS attack. Blogs and emails may not function, so be prepared to use alternative channels such as social media to keep partners, employees, customers and even the media informed.
Sometimes, DDoS attacks are caused by cybercriminals who will demand a ransom before they will cease the attack.
Paying is not recommended. Firstly, there is no guarantee the attacker will honour any payment. Further, if a payment is made once, there is a strong likelihood the same attacker will return, much like organised crime and “protection rackets”.
Instead, inform your legal team of the attack and send them the ransom notes. Depending on the length of the attack and its impact, some organisations may need to disclose the attack as soon as possible, as was seen with WannaCry ransomware in May 2017.
The war between brands and their defences and the cybercriminals is nothing short of an arms race – and some battles will be won by the cybercriminals. In acknowledgement of this, some organisations have taken out insurance policies against data breaches and other cyber-attacks. Crucially, if you consider this, you must ensure that the policy reflects not only immediate, pragmatic impacts, but also any possible fines that may be applicable.