When was the last time you (really) thought about your DDoS protection?

January 25, 2016 Tom Bienkowski

DDoS on codeThousands of distributed denial of service (DDoS) attacks are executed every day. For any company that depends on its Internet presence, the consequences can be severe – lost revenue, the cost to mitigate the attack, brand repair if your company name is splashed across media headlines, lost/customer credits, lost productivity, ransom payment demands, and…and…If you really spend some time to think about it, the list and impact can be quite large.

One of the things that is contributing to the rise in DDoS attacks is the fact that it’s never been easier in history to launch a DDoS attack.  Anyone, without any technical skills, can launch a DDoS attack. Tools for launching DDoS attacks can be downloaded for free, and the botnets that flood a site with traffic can be rented or purchased anonymously at very little cost (innocuously marketed as boot stresser services). More and more actors are getting in on the action as they realize how straightforward it is. If they run into trouble, there are even robust online communities of like-minded attackers they can turn to for support.

Who’s Doing It – and Why
You probably don’t expect a DDoS attack on your company’s network – you have no enemies (as far as you know), you ruffle no feathers and stay out of the spotlight. But organizations are attacked for any number of reasons:

  • Just for the heck of it, aka nihilism or vandalism (the most common reason, according to industry surveys)
  • Extortion (these attacks are growing in frequency)
  • A competitor that plays dirty
  • A former employee with an ax to grind
  • An angry customer
  • Political/ideological disputes
  • Financial market manipulation
  • A nation-state flexing its muscles
  • An Internet activist who wants to show that “cyber security’ is just a pipe dream
  • Upstart hackers trying to impress their peers
  • Even a mistake – a DDoS attack meant for someone else and you are caught up in the collateral damage. 

Almost No Industry Is Immune
Because the motives are so varied, almost any business can fall victim to a DDoS attack. With few exceptions, (like when there’s a political or social motivation) hackers don’t care how boring, noble, significant or insignificant a target may be, they just want to cause trouble, make a political statement, protest or make money. Thus, victims include Internet Service Providers (ISPs), government agencies, news media, social media, gaming sites and E-commerce companies. But they also include healthcare organizations, universities, utilities, manufacturers and even law enforcement. In short, if your organization has a website, you should assume that it could be the target of a DDoS attack.

Quantifying the Risks
In a recent Aberdeen Group report, Quantifying the Risks of DDoS Attacks for Network Service Providers and Traditional Enterprises, analysts estimate the likelihood of one or more DDoS attacks for companies in each category over the next 12 months. Aberdeen also calculates the likely business impact of DDoS attacks over the same period, using a simple Monte Carlo model of revenue lost, cost to block the attack and repair the damage, and loss of future business.  Just one example: 70% of service providers and 53% of enterprises are likely to experience a business disruption as a result of a DDoS attack in a given year. Are you willing to take that risk to the business?

Conduct the Proper Risk Analysis to Protect Your Business
In our experience, many organizations do not conduct the proper risk analysis when it comes to DDoS protection. Without the proper knowledge of:

  1. DDoS attack trends (i.e. ease, motivations, attack types)
  2. Best practices in DDoS mitigation (i.e. Products, People and Processes)
  3. Impact to your business (i.e. downtime, loss revenue, mitigation costs etc.)

You cannot accurately calculate the risk to your organization and thus justify and put the proper business continuity plans (i.e. DDoS protection) in place.

Arbor has the industry’s widest portfolio of DDoS protection products and services. We are confident that we can customize a solution to match the risk profile of your organization.

Want to learn more about the growing DDoS threat? Register for our upcoming webinar coming up on February 4 at 11:00 am ET.

The post When was the last time you (really) thought about your DDoS protection? appeared first on Arbor Insights - Our People, Products and Perspective.


Previous Article
Stephen Gostkowski, SOC Analyst

Well, the Patriots lost another heartbreaker in Denver, and it happened because of something that nobody, a...

Next Article
ISP Traffic Visibility and the Future of Network Services
ISP Traffic Visibility and the Future of Network Services

The process of prepping for my recent interview with Light Reading’s Steve Saunders got me thinking about A...