Phishing. Malware. Spam. Ransomware. Poisoned Links. SQL injections. Brute force. Man in the middle. Cross-site scripting.
These attacks are more common than a DDoS attack to your organisation (With some exceptions), since they are mainly automated. You’re probably already spending millions of dollars on systems across your enterprise to prevent, detect, stop, and mitigate these kinds of attacks.
Not the top priority: In many organizations (with some exceptions), DDoS protection is not prioritised, as it is supposed to be,
That’s all well and good until that first attack happens – and you discover you weren’t protected.
From the moment an organization experiences a DDoS attack, it’s always on the radar and a main priority from that moment forward; the damage and scenario everyone is subjected to during such an ordeal is wide ranging and not easily forgotten.
Anyone reading who is responsible for IT infrastructure and has had to deal with a DDoS attack knows exactly what I’m talking about.
The Victims: DDoS attacks stop many businesses cold. Ecommerce sites, financial institutions, travel agencies, payment services, media companies, and on and on immediately start losing money the second a DDoS attack begins.
Government agencies, common DDoS attack victims, can no longer provide citizens with critical information or specific services. Even if you are a “traditional” company, having your site down means that people searching for your brand can no longer find you.
Some stats: According to a recent Neustar more than 85% of companies have suffered at least one DDoS attack over 12 months. Out of the attacked organisations, 86% had been attacked more than once.
Compliance: Under GDPR, a functioning DDoS security infrastructure is now a legal requirement to ensure availability and uptime. The Recital 49 section of the law explains that networks must be available and hardened to resist attacks. Article 32 further discusses how appropriate technology and organizational measures must ensure how a level of security must be delivered appropriate to the risk; that availability must be timely in the event of an incident; and that a process must be put in place for testing, assessing, and evaluating the effectiveness of the security.
Loss of Infrastructure control: To put it simply, DDoS attacks take away the control of your network. During a DDoS attack, someone else is determining the ebb and flow of messaging within your network. Your taps, bypasses, and network brokers are overwhelmed, preventing real work from being achieved. Effective DDoS protection for your network ensures that you maintain control at all times, keeping organizations IT infrastructure functioning at the highest levels.
Danger of DDoS Attacks: What makes DDoS attacks especially dangerous is that they are highly targeted. When your organization faces a DDoS attack, the motive is economic, political, or personal. An economic attack may simply be targeting your revenue stream – or may be a distraction so the attackers can focus on exfiltrating proprietary information, such a credit card numbers, without anyone noticing. A political attack could be motivated by your beliefs, activities, or geographic location. A personal attack may be something as simple as one of your customer service reps was rude to a customer or a disgruntled employee.
To protect against DDoS attacks, you need to have the correct tools in place – firewalls, network bypasses, etc. Yes, they add another budget line-item your already voluminous IT and cybersecurity spending. Consider the investment in DDoS protection to be an insurance policy – the last thing you want to do is to lose business simply because someone decides they’ll launch an attack against your organization.
References:
https://www.computerweekly.com/news/252439254/DDoS-attacks-cost-up-to-35000
http://www.privacy-regulation.eu/en/recital-49-GDPR.htm
http://www.privacy-regulation.eu/en/article-32-security-of-processing-GDPR.htm