DDoS danger clear for many businesses, says Agile’s Goode
10 September 2014 | 0
Headlines are constantly filled with news of security breaches, attacks and leaks. The costs associated with breaches or web application attacks are staggering. In amongst all the copy that is been written about these attacks, two things are common. First the threats and risks posed by network security are worsening. Second, billions of euro already invested in security has not yet negated the problem, from any vendor.
In the case of distributed denial of service (DDoS) attacks, this is most often associated with large scale businesses fighting off targeted attacks form well-funded adversaries The reality, however, is that this is an issue faced by more and more ‘everyday’ businesses in Ireland.
The impact of a DDoS can be devastating to an organisation both from a financial and brand perspective. A 24-hour network outage can cost hundreds of thousands of euro and anger customers that rely on your online services.
Over the past year we have seen the types and sizes of organisations being targeted broaden substantially. It is not just financial institutions and gaming sites which are being targeted, we have seen government departments hit, e-commerce sites and even pizza delivery companies being targeted. Why this change? Well, there are a number of reasons.
Firstly, attack tools are easy to find and download from the Internet. Anyone can download them and anyone can use them—and they do. The availability and awareness of attack tools has really made DDoS attacks accessible to any person, organisation or state who is looking for a way to impact another internet user.
“Over the past year we have seen the types and sizes of organisations being targeted broaden substantially”
We should not assume that attacks generated by individuals will only be effective against other individuals; some of the attack vectors incorporated in the readily available attack tools are stealthy and complex, and can be effective against commercial systems with just a single attack source — if it is not configured or protected appropriately.
More of a concern though is what happens when many people download the same tool and direct it towards a common target. In this case we effectively have a ‘volunteer’ botnet and more significant volumes of traffic can be generated, impacting larger and better protected targets.
Botnets offering DDoS services are easy to hire. While in addition, attack motivations have shifted over the past couple of years. Some attacks are still motivated by extortion and blackmail, business competition and purely to gain an advantage in a virtual gaming world. However, ideological hacktivism and internet vandalism have come to the fore as motivations.
So, what should we be doing to protect ourselves from the DDoS threat? Well, there are a number of things that we can all do to reduce our threat surface and minimise the impact of any attack, without using specialised solutions.
Firstly, know your network. Know what to block and what not to, but most importantly know who to trust to manage you through these issues. At Agile, we do not believe there is a single silver bullet to cure all woes. But we do believe that by combining our expertise, multi-vendor portfolio, and real world knowledge you can take the right steps to protect your business from the growing threat of DDOS which is impacting more and more Irish businesses.
Declan Goode is business development manager with Agile Networks.