U.S. companies face a significant and persistent threat from cyber attacks, and one of the greatest risks of all is what’s known as a “distributed denial-of-service” (DDoS) attack.
A DDoS event occurs when an overwhelming flood of requests or data hits a Web site or computer network, causing it to shut down or fail to handle the requests of legitimate users. This type of attack can completely disrupt and cripple a business until the network can be restored. There have been a number of high-profile victims of DDoS attacks recently, including Visa.com, MasterCard.com, Amazon.com and even the federal government.
The real problem with DDoS attacks is that they’ve become extremely easy to carry out. “Botnets,” or networks of compromised computers used as soldiers in a DDoS attack, are now easy to establish and can also be “rented” for a fairly cheap price. Widely prevalent crimeware, or criminal software sold to others, is also increasing the threat.
The bottom line for businesses: DDoS attacks are more than just possible, they’re highly likely to happen at some point. In one way or another, more U.S. businesses will have to deal with the damage and downtime caused by a DDoS attack. Whether the attack is aimed directly at your business or targets your Web host provider, e-mail service, cloud service or other client service, it can cause serious problems for your business.
Here are some tips for businesses to reduce their risk, limit the damage and reduce the downtime associated with a DDoS attack:
Assess Your Company’s Risk. If your company transacts a considerable amount of business online, or has Web-dependent operations, then it is important to take DDoS security seriously. Every business should sit down with its IT team and discuss what would happen to the company’s operations if it were hit by a denial-of-service attack. It’s also important to understand the impact such an attack against a partner or provider (like Amazon’s cloud services) could have on your business.
Create DDoS Mitigation Policy. Make sure your network administrator has taken some basic steps to limit the company’s risk exposure to denial-of-service attacks. There are several steps this person can take, including using caching, CDNs, static home pages, scaling and burstable network connections, standby servers and infrastructure to handle traffic spikes, etc.
Performance Monitoring. Few people realize this, but it can actually be quite difficult to detect that a site is under attack. Many types of cyber attacks slow down the site, or make it unusable, but don’t actually bring it down. Properly configured and tuned performance monitoring can be a major help in detecting an attack.
Have a Response Team in Place. When a denial-of-service attack happens, your company needs to know who to turn to. Whether this is in-house IT staff or external staff, there needs to be a clear hierarchy of responsibility. Know who to call at the hosting provider, vendors, and Internet Service Providers to coordinate DDoS response. Responding quickly to an attack is critical to getting it resolved effectively.
Buy Anti-DDoS Solutions. Companies like Cisco and Arbor Networks have programs that are specifically designed to identify and stop denial-of-service attacks. These can be a helpful addition to the other mitigation plans you have in place. Such products include Arbor Peakflow SP, Cisco/Arbor Clean Pipes 2.0, etc. The best defense against DDoS is a lot of bandwidth - that’s how Amazon.com was able to withstand a direct attack from the Anonymous hacker group.
Outsource to a Large Hosting Provider. A large hosting provider can supply increased bandwidth, which is the best way to guard against an attack. By outsourcing your website hosting to a large third-party provider, you can also reduce the risk of a direct attack, but keep in mind that you now run the risk of getting caught up in an indirect or incidental attack that targets that hosting provider. The good thing about third-party hosting providers is that they have a significantly larger amount of capacity as well as in-house DDoS mitigation plans in place.
Have a Back-Up Ready. It may not be possible to prevent every DDoS attack, which is why companies are advised to establish a backup “mirror” website that can replace the original one if it comes under a sustained attack. The backup website should be hosted at a different location than the primary website. Best strategies: load balancing across machines, server farms and global server load balancing (GSLB) across data centers and continents.
Get Insurance. Another element of protection your business might want to consider is “cyber insurance.” This is a relatively new field of insurance, but one that is catching on quickly among large businesses that have a lot to lose in cyber attacks and data thefts. There are many different types of cyber insurance coverage, including privacy and security liability in case critical data is lost or stolen, lost earnings, etc. However, for the purposes of DDoS protection, the best coverage to have here would be for “crisis management.” This can help cover the costs of getting the network back up and running, as well as restoring lost or damaged data. Examples of cyber insurance include AIG’s netAdvantage and Chubb’s SafetyNet and CyberSecurity.
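The slow-but-still-answering case from the Performance Monitoring tip above, as an added example that is not part of the original article: each minute's 95th-percentile latency and 5xx rate are compared against a baseline, next to an up/down check that stays green. The sample data, thresholds and function names are constructed for illustration.

```python
from statistics import quantiles

def make_samples():
    # Constructed data: (minute, [(latency_ms, http_status), ...]).
    # Minutes 0-4 are normal; minutes 5-7 are slow but still answering.
    normal = [(120, 200), (135, 200), (110, 200), (150, 200), (140, 200),
              (125, 200), (130, 200), (145, 200), (115, 200), (160, 200)]
    slow = [(900, 200), (1400, 200), (2100, 200), (1800, 503), (950, 200),
            (2600, 200), (3000, 503), (1200, 200), (1700, 200), (2200, 200)]
    return [(m, normal) for m in range(5)] + [(m, slow) for m in range(5, 8)]

def summarize(window):
    # 95th-percentile latency and share of 5xx responses in one window.
    latencies = [ms for ms, _ in window]
    errors = sum(1 for _, status in window if status >= 500)
    return quantiles(latencies, n=20)[-1], errors / len(window)

def naive_is_up(window):
    # Simple up/down check: passes if anything at all was served.
    return any(status < 500 for _, status in window)

def detect(samples, baseline_minutes=5, latency_factor=3.0, error_ceiling=0.05):
    # Baseline comes from the first minutes, assumed to be clean traffic.
    base = [r for _, w in samples[:baseline_minutes] for r in w]
    base_p95, _ = summarize(base)
    alerts = []
    for minute, window in samples[baseline_minutes:]:
        w_p95, w_err = summarize(window)
        reasons = []
        if w_p95 > latency_factor * base_p95:
            reasons.append("latency")
        if w_err > error_ceiling:
            reasons.append("errors")
        if reasons:
            alerts.append((minute, naive_is_up(window), reasons))
    return alerts

if __name__ == "__main__":
    for minute, up, reasons in detect(make_samples()):
        print(f"minute {minute}: up/down says up={up}, degraded: {reasons}")
```

Every flagged minute still passes the up/down check, which is why latency and error-rate thresholds need tuning against your own normal traffic.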
Unfortunately for businesses, distributed denial-of-service attacks are a difficult problem. They are becoming more common and they’re not easy to protect against. Businesses shouldn’t rely on the authorities to be able to effectively intervene on their behalf. With these criminal activities, companies need to rely on themselves. By using a multi-strategy approach that combines prevention, remediation and recovery provisions, your business can reduce its level of exposure to this growing threat.
Samuel Bucholtz is co-founder of Casaba, LLC in Seattle (www.casaba.com). Casaba provides security testing services to key software developers like Microsoft. Casaba is part of Microsoft’s SDL Pro Network.