The demands on enterprise CISOs across all markets have never been greater. Not only are they responsible for the data security of organizations in the midst of global digital transformation, but they must stay informed, educated, and flexible as the threat landscape keeps shifting. DDoS attacks, insider threats, and other risks to business continuity are all concerns.
However, recent reports suggest that organizations are woefully underprepared to mitigate DDoS risks. Kaspersky Lab recently noted that 40 percent of businesses are unclear about how to protect themselves against targeted cyber attacks and DDoS, with many of them assuming that an IT partner will shield them from such threats. Another 30 percent think data center or infrastructure partners will protect them. While organizations all have different security considerations and resources, the numbers from this report add up to one undeniable conclusion: a large share of businesses have no plan of their own for dealing with an inbound DDoS attack.
Not only is this thinking misguided, it is downright dangerous. Recent DDoS attacks of under 10 Gbps have persisted for multiple days, or even weeks, and a few gigabits per second is more than the upstream link of a typical medium-sized office can carry, so an attack of that size can take the whole site offline. CIOs and CISOs are responsible for the IT security of their organizations, and their work drives to the very heart of a company’s long-term success and viability. If you have not consciously thought about your DDoS mitigation strategy, you are making a grave mistake.
The first step in truly becoming prepared for external threats, including DDoS, is to understand the scope and significance of the threats to your organization.
A DDoS attack floods your infrastructure with traffic to prevent a service from working. With the recent prevalence of poorly protected IoT devices, many of them drafted into botnets, attackers marshal massive numbers of connected devices from around the world against a single target, taking it offline for hours or days, or, for those truly unprepared, even weeks. The Mirai-driven attack on KrebsOnSecurity in September 2016, at roughly 620 Gbps, was large and sustained enough that Akamai, which had been protecting the site pro bono, withdrew that protection. And while the motivations for attacks vary, their impact on revenue, brand reputation, and IT credibility is enormous.
DDoS attacks like the one that made headlines last fall get the attention of the C-suite. But how many CEOs know that experts expect DDoS attacks to grow in size, to move upstream toward service providers, and to start targeting industrial control systems (ICS) and other environments that are not prepared for DDoS mitigation? Knowing the threats and understanding how to keep the network from being disrupted is half the battle. Advocating for threat detection and prevention tools and technologies is vital.
As software and systems become better at resisting compromise, attackers fall back on the crude and unsophisticated DDoS attack vector as an alternative. Although not as crafty as a true compromise, a DDoS attack can be equally destructive. Seriously disrupting communications to ICS systems controlling the power grid, industrial plants, and even Department of Transportation (DOT) traffic control systems can have deadly consequences.
Waiting for your organization to be targeted, or postponing security improvements for lack of budget or staff hours, is a recipe for failure. The following are four steps to getting your infrastructure threat-capable.
1. Know your normal. The first step in detecting abnormal behavior is to know and understand how your network functions day-to-day: which hosts talk to which, over what ports and protocols, and at what volumes.
2. Understand your threat surface. Understand the different types of DDoS attacks (volumetric floods, protocol-level attacks such as SYN floods, and application-layer attacks), and evaluate how each of them could impact your network.
3. Plan for failure. Know what your incident response looks like in case of a security breach or an outage, and develop and rehearse procedures for mitigating network failures.
4. And finally: ask for help. If your network is at risk from bad actors, don’t wait to start the first conversation with qualified security specialists.
Getting your IT infrastructure battle-ready is easier than most CISOs think. If you have a network, its routers, switches, and firewalls can export flow records (NetFlow, IPFIX, or sFlow) once you enable them, and those records give you the visibility into your assets that you need to stave off bad actors. The threats to your organization have never been more real, and the risks will only grow for an organization that does not remain prepared and vigilant.
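The following is an added example, not code from the original article or from any vendor it mentions, of what "know your normal" looks like when applied to flow records. It builds a per-destination baseline (bytes, packets, and distinct source addresses per one-minute window) from a clean training period, then flags windows that deviate from it by more than a few standard deviations. The `Flow` record, the addresses, the thresholds and the traffic are all constructed for illustration; real deployments would feed in NetFlow or IPFIX exports from a collector.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    """Minimal flow record: the NetFlow/IPFIX fields a flood baseline needs."""
    ts: int        # flow start time in seconds (constructed clock for the example)
    src: str
    dst: str
    dport: int
    proto: int     # 6 = TCP, 17 = UDP
    packets: int
    bytes: int


def bucket_flows(flows, window=60):
    """Aggregate flows per (destination, window start) into total bytes, total
    packets and the set of distinct source addresses seen."""
    buckets = defaultdict(lambda: {"bytes": 0, "packets": 0, "srcs": set()})
    for f in flows:
        b = buckets[(f.dst, f.ts - f.ts % window)]
        b["bytes"] += f.bytes
        b["packets"] += f.packets
        b["srcs"].add(f.src)
    return buckets


def build_baseline(flows, window=60):
    """'Know your normal': per destination, the mean and standard deviation of
    bytes, packets and distinct sources per window over a clean training period."""
    series = defaultdict(lambda: {"bytes": [], "packets": [], "srcs": []})
    for (dst, _), b in bucket_flows(flows, window).items():
        series[dst]["bytes"].append(b["bytes"])
        series[dst]["packets"].append(b["packets"])
        series[dst]["srcs"].append(len(b["srcs"]))
    return {dst: {k: (mean(v), pstdev(v)) for k, v in s.items()}
            for dst, s in series.items()}


def detect(flows, baseline, window=60, z=4.0, min_sources=100):
    """Flag windows where any metric exceeds its baseline mean by more than z
    standard deviations. A window with many distinct sources is labelled
    'distributed'; a spike from few sources is a 'volume' anomaly, which may be
    a backup job or one abusive client rather than a DDoS."""
    alerts = []
    for (dst, start), b in sorted(bucket_flows(flows, window).items(),
                                  key=lambda kv: kv[0]):
        observed = {"bytes": b["bytes"], "packets": b["packets"], "srcs": len(b["srcs"])}
        base = baseline.get(dst)
        if base is None:
            alerts.append({"dst": dst, "window": start, "kind": "no-baseline", "reasons": []})
            continue
        reasons = []
        for metric, value in observed.items():
            mu, sigma = base[metric]
            # floor sigma at 1 so a perfectly flat training set can still alert
            if value > mu + z * max(sigma, 1.0):
                reasons.append(f"{metric}={value} vs mean {mu:.0f}")
        if reasons:
            kind = "distributed" if observed["srcs"] >= min_sources else "volume"
            alerts.append({"dst": dst, "window": start, "kind": kind, "reasons": reasons})
    return alerts


def constructed_sample():
    """Constructed flows, not real captures: ten quiet minutes of HTTPS traffic
    to 203.0.113.10 from 20 clients, then a SYN-flood minute (400 sources, one
    60-byte packet each) and an amplification minute (300 reflectors, 200
    1400-byte UDP packets each). Returns (training_flows, live_flows)."""
    normal = [Flow(960 + w * 60 + i, f"192.0.2.{i + 1}", "203.0.113.10", 443, 6,
                   40 + i % 5, 30000 + 700 * (i % 5))
              for w in range(10) for i in range(20)]
    syn_flood = [Flow(1560 + i % 60, f"198.51.{i // 256}.{i % 256}", "203.0.113.10",
                      443, 6, 1, 60) for i in range(400)]
    amplification = [Flow(1620 + i % 60, f"198.51.{100 + i // 256}.{i % 256}",
                          "203.0.113.10", 3333, 17, 200, 280000) for i in range(300)]
    return normal, syn_flood + amplification


if __name__ == "__main__":
    training, live = constructed_sample()
    baseline = build_baseline(training)
    for alert in detect(live, baseline):
        print(alert)
```

Two things in the output are worth noticing. The SYN-flood minute moves fewer bytes and packets than a normal minute, so it is caught only by the jump in distinct sources; a baseline that tracks volume alone would miss it. The amplification minute trips all three metrics. The source-count check is also what keeps a single heavy but legitimate client (a nightly backup, say) from being labelled a DDoS.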