The Not So Obvious Consequences of a DDoS Attack

June 24, 2015 Kevin Whalen

Cause And Effect Signpost Meaning Results Of Actions

The word “literally” may very well be, quite literally, the most over used word in use today.

It is the lifeblood of the modern business. Because DDoS targets the availability of all of that, it should be considered a serious threat to business continuity. You need a well-considered strategy.

Poorly performing or unavailable public-facing websites, or help desks, or self-help sites – any services that customers interact with directly, are just the beginning. Customers can all too easily move to the competition. What is the lifetime value of these customers? How much will you have to spend to keep them, or worse, get them back? Companies can take actions to win back customer confidence such as offering coupons, rebates, or other incentives like identity theft protection services but these too carry a cost. What is the impact on company brand and reputation of poor performance or service unavailability?

Public facing isn’t the only issue. What about internal apps and services, or those of your partners? The modern enterprise leverages a multitude of servers on the back-end to provide business-critical services. Even if you are lucky enough that none of the traffic to and from your server is compromised, many attacks targeting the application-layer can bring down the server itself. Even a single server failure can have a cascading effect on back end systems and a ripple effect of unexpected consequences.

In retail, a POS (point-of-sale) system that cannot communicate with your inventory database, or the current discount data, can severely impact in-store sales. If you are a manufacturer and a back-end system goes down, your suppliers can’t order parts and your products can’t get built. If you are the financial analyst and cannot access current revenue and sales data it will be tough to close the books. Field resources can be crippled from performing on-site service if they cannot access customer service history or current account information.

Just some of the business and operational implications to consider:

  • How many IT personnel will be tied up addressing the attack, and what are they paid per hour? What else could these resources be contributing to the bottom line rather than mitigating slow performance or re-routing traffic?
  • How many more help desk calls will be received, and at what cost per call? This could be either internal calls or external, customer-facing.
  • What will it take to recover operations? Will it require reconfiguration of components, additional capacity or components, even if on an interim basis? Under certain circumstances, what data might get lost or have to be manually re-captured?

Define risk?

At a time when availability has never been more important to businesses, DDoS attacks have never been more innovative, dynamic or consequential. For example: The exploit of improperly secured servers for amplification/reflection attacks, leveraging common protocols such as NTP, DNS or SSDP, has made possible DDoS attacks of unprecedented size, already surpassing previous records in the first quarter of 2015.

These attack dimensions can cause service problems for a number of common infrastructure components including routers and switches – problems that will require your staff’s time and attention. ADCs, load balancers, even firewalls and IPS today have at best only limited or partial DDoS mitigation capabilities. They simply are not designed for comprehensive DDoS protection. They have no broader network traffic visibility nor integrated threat intelligence and are vulnerable to the more sophisticated multi-vector, volumetric attacks, such as state table exhaustion techniques.

In the modern enterprise, the list of web-based applications where performance and availability are critical to the business goes on and on. When attempting to weigh the consequences of today’s DDoS attacks, it pays to think carefully and more broadly about consequences, and defenses.


The post The Not So Obvious Consequences of a DDoS Attack appeared first on Arbor Insights - Our People, Products and Perspective.


Previous Article
Everything old is new again
Everything old is new again

Photo by Shirley Halperin via Billboard This weekend in San Francisco, the...

Next Article
Crossing the Chasm From ‘Prevent and Respond:’ How do you start?
Crossing the Chasm From ‘Prevent and Respond:’ How do you start?

In last week’s post, we introduced the maturity profiles we identified as a...