Cyber crime and cyber attacks are increasing exponentially. Businesses and individuals are facing threats from all sides, from fraud and online counterfeiting, to full-on targeted attacks like data breaches and distributed denial of service (DDoS) events. DDoS, for example, is a much used tactic by cyber criminals – with motives ranging from disruption and masking another type of attack, to theft and extortion.
So just what is DDoS? Simply put, a DDoS event is a large volumetric attack that overwhelms standard firewalls and mitigation appliances almost immediately. Attackers use any means necessary – botnets and cloud resources – to send waves upon waves of traffic to a specific website or network. The target servers can’t cope with this influx and fails.
While the principle of DDoS is fairly simple mitigation tactics are not so. In fact, the attacks (and attackers) are evolving so rapidly that protection mechanisms just can’t keep up. But there is good news; in the last few months awareness of DDoS has increased and, as a result, businesses are softening towards investing in bolstering their protection.
And it’s not an isolated problem. DDoS attacks are happening across industries, targeting all businesses, large and small. Just consider the statistic that almost three quarters of global brands were the victims of a DDoS attack in 2015.
If a company isn’t large enough to have intellectual property, customer data or financial records worth stealing, then the threat of continued disruption and downtime is often enough to get a ransom paid. Of course in some cases ransom is the sole motivation – businesses, like service providers, are told to pay up or face the consequences of having their services being unavailable. This affects not only their operations, but quite often those of their customers too.
Looking at the consequences of unexplained and extended downtime, it’s easy to see that it’s not just the short-term bottom line that is affected. Brand reputation suffers, deals can be lost and customer loyalty is one of the most difficult things to win back.
As the threat landscape continues to evolve and more high profile brands (yes, the Talk Talk breach was blamed on an initial DDoS attack) are placed in the spotlight, the level of understanding of the threat will also change and again attitudes to investing in protection mechanisms will also shift.
Importantly, for many, the belief is that a cyber attack is inevitable – but it’s the way in which it’s dealt with during and after the event that will ultimately affect the scale of its impact.