A recent study, presented by the content delivery network and cloud security specialist CDNetworks, revealed a major discrepancy between corporate reality and self-assessment in IT security.
Although most of the surveyed companies thought they were adequately prepared for an attack, the fact that more than half of these companies had been targeted in the past 12 months by DDoS attacks proved the opposite. Not to mention that the levels of attacks and data transfer rates (up to 58.8 Gbps) are multiplying.
That's why CDNetworks summarized the following steps to help companies address DDoS attacks:
- Identify vulnerabilities and the severity of security issues: As a first step, it is necessary to check the security status of the company. This requires a comprehensive review of the strengths and weaknesses of the network to determine where system and network defenses exist and how easily they could be exploited. The latter can be determined by means of vulnerability tests and DDoS tests. Then it should be checked whether existing solutions for DDoS minimization are sufficient.
- Find a suitable solution strategy: In the early 2000s, when DDoS attacks were still rare and uncomplicated, do-it-yourself solutions provided adequate protection. Today, however, the methods of DDoS attacks and their scope are evolving so fast that individual IT teams and self-developed defense systems can barely keep up.
Adding hardware to servers and routers is not only costly, it also requires constant updates and reconfiguration to keep pace with increasingly complex DDoS attacks. Moreover, the systems remain vulnerable to targeted network congestion. Almost all vulnerability tests show that one of the biggest weaknesses lies in the capacity limits of your own network. If this limit is exceeded, whether due to harmless causes or malicious DDoS attacks, the network fails. A cloud-based DDoS defense is a practicable solution. Cloud security vendors can leverage network capabilities that far exceed those of a single data center, providing reliable protection even in the case of very large attacks, and their expert teams are constantly working to keep up with the development of DDoS strategies. At the same time, they can clean up data to ensure that only "legitimate" traffic comes through. Resources such as the Open Web Application Security Project (OWASP) can also help with DDoS defense planning.
- Be prepared for the worst to ensure business continuity: The findings of CDNetworks’ recent study show that companies that have not yet been harmed by a DDoS attack usually underestimate its severity, although the data collected clearly lay bare the negative effects of a financial, legal, regulatory and/or brand-image-related nature. Ensuring business continuity should therefore be an important element of any DDoS planning. On the one hand, this concerns the technical requirements, such as the duplication of information and the assurance of Recovery Time and Recovery Point Objectives (RTOs and RPOs); on the other hand, the manifold process-related requirements should not be ignored either.
- Corporate policy for ransom demands and the consequences of cyber-attacks: Some cybercriminals demand a ransom to end a DDoS attack and free up resources. In such a case, experts recommend not paying: First, there is no guarantee that the attackers will honor their commitment once the ransom has been paid. In addition, once a payment has been made, the risk increases that the same attacker will threaten again, comparable to organized crime and "protection money".
- Company guidelines should instead provide the legal department with information about the attack and the ransom claim. In some cases, ransom demands are sent even before the start of an attack, so it is unclear whether the attack will happen or be successful. In the event of a serious attack, such as the July 2017 ransomware WannaCry, organizations should report the attack as soon as possible to warn other companies.
The fight between corporations and cybercriminals almost seems to have become an arms race, and unfortunately some of those fights are and will be won by cybercriminals. To address this fact, some organizations have even started to take out insurance against data misuse and other effects of cyber-attacks.
By Daniela La Marca