Partner Article
Safeguarding your business before, during and after a DDoS Attack
By Ashley Stephenson, CEO at Corero Network Security
The rise in Distributed Denial of Service (DDoS) attacks and other cyber threats cannot have escaped notice over the past few years. Popularised by hacktivist groups such as Anonymous and Izz ad-Din al-Qassam Cyber Fighters as a form of political protest, DDoS has become an attack vector that is no longer a minor nuisance but a serious threat to online businesses. DDoS attacks are relatively simple to carry out and very effective at disrupting any online service. What is particularly problematic about DDoS attacks is that they are increasing in power and sophistication each year.
With the increase in malicious attacks on organisations from cyber criminals, ideological hacktivists, nation states and even competitors, there is no foreseeable end in sight to the use of DDoS as the preferred method of intentional disruption. It is for this reason that it is particularly concerning to see the lack of preparedness of many businesses to a type of attack which has the potential to cause significant loss in revenues and serious brand degradation.
With DDoS attacks offering hackers the ability to take down an organisation’s critical web services, the scope of traditional business continuity and contingency plans needs to be broadened. It is good business practice to have a comprehensive business continuity plan in place to prepare an organisation for extended service outages caused by factors beyond its control; now, more so than ever, this needs to be extended to include cyber security incidents. Failing to build a cyber-attack resilient infrastructure into the business continuity plan, rather than relying on traditional disaster recovery alone, leaves businesses at the mercy of these new-age threats.
To what degree are businesses under-prepared?
In spite of the heightened media exposure surrounding the harmful effects of DDoS attacks, Corero recently conducted a survey that confirmed our suspicions: businesses are failing to put in place effective defences or plans to mitigate the impact of a potential DDoS attack on their organisation. Our survey showed that 51% of organisations surveyed have no DDoS defence technology in place to handle an attack; additionally, 44% of respondents have no formal plans in place, and 44% lack a back-up Internet Service Provider (ISP) in the event their primary service suffers an attack. The survey was commissioned with the aim of probing respondents and measuring the effectiveness of their plans to prevent, detect and mitigate the damage of an attack, including examining their incident response plans from the standpoint of infrastructure, roles/responsibilities, technology, maintenance and testing. It appears there is a pervasive lack of planning on multiple levels. Whilst nearly half of businesses lacked any formal DDoS response plan, the problem is compounded by out-of-date network diagrams – 54% feared they had outdated or non-existent network diagrams – and one in three lacked any clear idea of their normal network traffic volume, making it difficult to get an early warning of an impending DDoS attack.
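The last survey finding is the one a monitoring team can act on directly: without a baseline of normal traffic volume there is nothing to compare a surge against, so early warning is not possible. The following is an added illustration, not Corero's code or a product feature, of the minimum such a baseline involves. The per-minute packet counts are constructed for the example, and the threshold rule (three standard deviations above the mean, with a floor of twice the mean so a very stable baseline does not trigger on trivial fluctuations) and the two-consecutive-minute confirmation are assumptions chosen for illustration.

```python
"""Baseline-based early warning for abnormal inbound traffic volume.

Added example: a team that knows its normal per-minute traffic volume can
raise an alert when live volume departs from that baseline. All sample
counts below are constructed for illustration.
"""
from statistics import mean, pstdev

# Constructed sample: inbound packets per minute during a quiet period.
NORMAL_PACKETS_PER_MINUTE = [1200, 1150, 1300, 1250, 1180, 1220, 1270, 1190, 1210, 1240]

# Constructed live feed: the last minutes show a sustained surge.
LIVE_PACKETS_PER_MINUTE = [1230, 1260, 2600, 1210, 3900, 8200, 15000, 1240]


def build_baseline(samples, k=3.0, min_ratio=2.0):
    """Summarise historical per-minute counts into a baseline and alert threshold.

    The threshold is mean + k * stdev, but never less than min_ratio * mean, so a
    baseline with very low variance does not alert on small absolute changes.
    (Both parameters are assumed values for this example.)
    """
    mu = mean(samples)
    sigma = pstdev(samples)
    threshold = max(mu + k * sigma, min_ratio * mu)
    return {"mean": mu, "stdev": sigma, "threshold": threshold}


def detect_surges(baseline, live_samples, consecutive=2):
    """Return (minute_index, count) for minutes that breach the threshold.

    An alert is only raised once `consecutive` minutes in a row exceed the
    threshold, which filters a single-minute spike from a sustained surge.
    """
    alerts = []
    run = 0
    for index, count in enumerate(live_samples):
        if count > baseline["threshold"]:
            run += 1
            if run >= consecutive:
                alerts.append((index, count))
        else:
            run = 0
    return alerts


if __name__ == "__main__":
    base = build_baseline(NORMAL_PACKETS_PER_MINUTE)
    print(f"baseline mean={base['mean']:.0f} stdev={base['stdev']:.1f} "
          f"threshold={base['threshold']:.0f} packets/min")
    for minute, count in detect_surges(base, LIVE_PACKETS_PER_MINUTE):
        print(f"ALERT minute {minute}: {count} packets/min exceeds baseline")
```

In practice the baseline would be rebuilt per time-of-day and per service from real flow or interface counters, and the alert would feed the response team named in the continuity plan; the point of the example is that the comparison is impossible without the baseline the survey found one in three businesses lack.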
The picture with regards to investment in DDoS technology showed a misdirected reliance on firewalls to mitigate the impact of DDoS attacks. Of those companies that had invested in specific DDoS defence technology, many were failing to properly operate and optimise the systems with regular tuning and updates. A hefty 59% of them did not test their DDoS defences regularly with network and application-layer penetration tests. These procedures should be part of basic contingency plans – how can you be sure that your defences are working if you do not regularly test them? Moreover, what if your DDoS defence strategy is well intentioned, but ineffective, and you don’t realise until after a business impacting incident occurs?
However, it wasn’t only the technology and processes that were found wanting: the majority of businesses (59%) admitted they had not defined team roles and responsibilities for responding to DDoS attacks, and even where such roles existed, fundamental requirements such as adequate security rights for a response team member to access network security devices were found to be inconsistent.
Building DDoS attack defence into your Business Continuity Plan
With inadequate, untested response plans and confused roles and responsibilities evident amongst the businesses surveyed, they are exposed and at risk of a damaging attack. The situation can only be rectified if businesses look beyond the risks they have traditionally considered in their business continuity planning. Businesses seem well prepared for natural disasters such as flooding, snow storms and wind-related outages such as the loss of phone service or electric power, but what else should be put in place to protect your online presence and network infrastructure in the face of a cyber attack? Generic IT downtime planning is often considered but can be inadequate to address cyber threats. The truth of the matter is that, due to the changing nature of the cyber world, there is a multitude of new threats and considerations that need to be addressed, each with its own response plan.
The first step that businesses need to take is to understand what defence measures, if any, they already have in place. On-premises, dedicated DDoS appliances placed at the network perimeter are a critical component of modern defence solutions. However, we still find that many organisations rely on traditional firewalls to bear the brunt of the attacker’s network traffic, as they are often positioned at the forefront of the legacy infrastructure stack.
Firewalls were not designed to handle this type of malicious activity and typically get overloaded when processing large numbers of connections for both good and bad traffic. Other traditional security devices – for example IPS, SLB and WAF – performing deep packet inspection, load balancing and application proxying are similarly not designed to robustly and comprehensively eliminate the DDoS-oriented cyber threats and malicious traffic coming from the Internet. As a result, there is a real risk that legitimate traffic will be impacted while malicious attacks slip through undetected, so the attacker’s bad traffic, which is specifically designed to overwhelm and take down the target IT infrastructure, has its desired effect.
Test, Test, Test
Once there is an understanding of what protection is already in place, the next step is to compose a plan and test its effectiveness. Whilst this may sound obvious, it is one area that has proven to be a weakness in many businesses’ preparedness for an attack. Testing against a DDoS attack, or any cyber threat, must become a fundamental part of business continuity planning exercises. This will reveal to businesses whether there are holes in the technology or service they are already using and give them the chance to remediate any issues before it is too late. This ‘stress testing’ technique is the perfect way to understand how the business responds to an attack and will identify areas of the continuity plan that need further clarification or development. Simulating an attack enables those responsible for the business continuity plan to ensure the measures in place will work effectively and to demonstrate how, in the event of an outage, they can get back up and running with the minimum impact on the business.
Staying ahead – Adopting a Proactive Approach to Protecting the Business
As attackers use increasingly sophisticated techniques to cause disruption, some organisations are responding by implementing on-premises cyber defence technologies at the perimeter of their network to stop these events before they cause a problem. But whilst the best intentions are there, it still appears that businesses are not taking the proactive measures needed to safeguard their business effectively. Having technology in place is one thing; ensuring it works, stands up to scrutiny and does what it was designed to do under pressure is another. Many businesses are still under-prepared because they don’t fundamentally know what to do should an attack happen, despite the heightened awareness and a number of high-profile attacks making the front pages. Without a plan in place, an attack puts great strain on the business and it will take longer for the business to return to its business-as-usual state.
With DDoS attacks and cyber threats constantly evolving, businesses are up against a myriad of challenges when it comes to protecting their infrastructure and business operations. By incorporating a First Line of Defense against DDoS attacks and other cyber threats into a business continuity plan and stress testing the technology in place, businesses will have confidence they will be able to operate during a cyber attack, ensuring that revenue generating customers can continue to access their site and the business can protect its reputation.
This was posted in Bdaily's Members' News section by KS.