DDoS attacks on the rise: A closer look at the data

Published December 10, 2020

The funny thing about digital transformation is that at the same time new technology opens opportunities for businesses, it also opens vulnerabilities to different forms of cyberattacks. The increased reliance on data combined with the widespread use of digital platforms to conduct business gives hackers new attack vectors for causing disruption. According to CompTIA’s latest research on the state of cybersecurity, the top concern for organizations is the variety of cyberthreats they have to deal with.

Perhaps the prime example of an attack that takes advantage of digital dependence is the Distributed Denial of Service attack, commonly known as a DDoS attack. In a DDoS attack, hackers are not trying to steal information. They are simply trying to cause problems. CompTIA’s guide, What Is a DDoS Attack and How Does It Work, describes this rising problem and shares tips on how IT pros can be prepared for mitigation.

What Is a DDoS Attack and Why Are They Dangerous?

Imagine a four-lane highway outside a small city. It might get a little busy during rush hour, but for the most part it can handle the traffic. Now imagine that the population of the city triples overnight. Suddenly that four-lane highway grinds to a standstill.

This is essentially what happens with a DDoS attack. By flooding a company’s systems with traffic, a hacker can slow down operations or bring them to a complete stop. Again, nothing is getting stolen, but the impact is still serious.

How Many Attacks Are There?

The 2020 Threat Intelligence Report from NETSCOUT found that the number of DDoS attacks is on the rise. Over 4.8 million DDoS attacks were detected in the first half of 2020. This represents a 15% increase over the same period last year. The COVID-19 pandemic created an even more tantalizing platform for cybercriminals when nearly every business increased their digital operations.

These attacks can be very costly. Using data from Gartner, CompTIA’s DDoS guide puts the median downtime of a DDoS attack at between 7 and 12 hours, with an average cost of $5,600 per minute. That leads to an average DDoS attack cost of $2.3 million to $4 million. That kind of financial hit is hard to recover from, especially for a small business.

The Effect of DDoS Attacks

When attackers launch a DDoS attack, they often build a botnet out of an army of computers or Internet of Things (IoT) devices that they have managed to infect with malware. This botnet sends a horde of traffic requests to a company’s network, targeting a specific server or simply trying to overload the general network.

If the server or network is used for internal operations, employees will not be able to access the systems they need to get work done. This is becoming a greater risk as companies shift more of their computing resources out of their data center and into the cloud, which expands the infrastructure footprint that a criminal can attack.

Attacks on public-facing systems can be even more dangerous. To start, there is obviously money lost if customers are not able to access websites that they might use for purchasing or service. As with all cyberattacks, though, the larger threat is long-term reputation. If customers view a company as insecure, they will search out a competitor. The immediate financial hit caused by DDoS attacks is bad enough, but convincing wary customers to return is a massive undertaking.

The Future of Cybersecurity and DDoS Attacks

Companies need to take a proactive stance when it comes to defending against DDoS attacks. After all, taking everything offline is not an option! While a defensive strategy can have many different details, there are three basic steps that any company should consider. Each of these steps features a new way of thinking about cybersecurity in the age of digital transformation.

  1. Understand Your Expected Baseline Traffic

Companies should understand the baseline traffic that they expect to see on any given server or network. This requires analysis of traffic patterns and also an understanding of business cycles that might occasionally drive different patterns. In the past, many companies did not perform this kind of analysis, simply assuming that most traffic happening on the network was legitimate.
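As an added illustration (not taken from CompTIA's guide), the sketch below builds a per-weekday, per-hour baseline so that a normal business-cycle peak is not mistaken for a flood, while the same volume at a quiet hour is flagged. The function names, the constructed sample data, and the `k` and `min_spread` thresholds are assumptions chosen for the example.

```python
from collections import defaultdict
from statistics import median

# Constructed history: (weekday 0=Mon, hour, requests per minute), four weeks.
HISTORY = [
    (0, 9, 900), (0, 9, 950), (0, 9, 1000), (0, 9, 1100),   # Monday 09:00 peak
    (6, 3, 40), (6, 3, 45), (6, 3, 50), (6, 3, 55),         # Sunday 03:00 lull
]

def build_baseline(samples):
    """Return {(weekday, hour): (median, MAD)} for the observed request rates."""
    buckets = defaultdict(list)
    for weekday, hour, rpm in samples:
        buckets[(weekday, hour)].append(rpm)
    baseline = {}
    for slot, values in buckets.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)  # robust spread, resists outliers
        baseline[slot] = (med, mad)
    return baseline

def check(baseline, weekday, hour, observed, k=6.0, min_spread=0.1):
    """Classify one observation as 'normal', 'anomalous' or 'no-baseline'."""
    if (weekday, hour) not in baseline:
        return "no-baseline"  # never assume an unseen slot is legitimate
    med, mad = baseline[(weekday, hour)]
    # Floor the spread so a very flat history does not alert on tiny increases.
    spread = max(mad, min_spread * med, 1.0)
    return "anomalous" if observed > med + k * spread else "normal"

if __name__ == "__main__":
    b = build_baseline(HISTORY)
    for slot, rate in [((0, 9), 1200), ((6, 3), 1200), ((6, 3), 60), ((1, 9), 1200)]:
        print(slot, rate, check(b, *slot, rate))
```

The median and median absolute deviation are used instead of mean and standard deviation so that a past attack left in the history does not inflate the baseline.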

  2. Limit the Number of Consecutive Login Attempts

Network professionals can limit the number of consecutive login attempts or other system actions from an individual user. This can be done using tools and techniques that fall under the umbrella of identity and access management (IAM). The previous security mindset centered on using a firewall to create a secure perimeter around corporate systems and then generally assuming that anyone inside that perimeter was a good actor. Implementing sensible restrictions for users adds another layer of security in the very likely event that some bad actors can get through the first line of defense.
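A minimal sketch of such a restriction, added here as an example and not part of CompTIA's guide: a per-user counter of consecutive failed logins with a time-bound lockout. The class name, the default limits, and the injectable clock are assumptions made for the example; a production IAM product would supply its own equivalents.

```python
import time

class LoginThrottle:
    """Lock a user out temporarily after too many consecutive failed logins."""

    def __init__(self, max_failures=5, lockout_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock          # injectable so the logic can be tested
        self._failures = {}         # user -> consecutive failed attempts
        self._locked_until = {}     # user -> time at which the lockout ends

    def _is_locked(self, user):
        until = self._locked_until.get(user)
        if until is None:
            return False
        if self.clock() >= until:   # lockout expired: start from a clean slate
            del self._locked_until[user]
            self._failures.pop(user, None)
            return False
        return True

    def attempt(self, user, credentials_ok):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        if self._is_locked(user):
            return "locked"         # rejected even if the credentials are valid
        if credentials_ok:
            self._failures.pop(user, None)   # success resets the streak
            return "ok"
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count >= self.max_failures:
            self._locked_until[user] = self.clock() + self.lockout_seconds
            return "locked"
        return "denied"

if __name__ == "__main__":
    throttle = LoginThrottle(max_failures=3, lockout_seconds=60)
    for ok in (False, False, False, True):
        print(throttle.attempt("alice", ok))
```

The lockout is temporary by design, so a locked account recovers on its own once the window passes.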

  3. Build Emergency Access Points or Backup Systems

Organizations should build emergency access points or backup systems. If a DDoS attack starts happening, having backup plans will give internal users another option for accessing systems or give the IT team a method for making websites available externally. Building redundancy certainly adds cost to IT infrastructure, but in today’s environment it’s too risky to have a single point of failure.

DDoS attacks have been growing in popularity as the internet has become more critical for business use. As organizations grow more aware of the cybercrime risks involved with digital transformation, they should become educated on how DDoS attacks can wreak havoc and how they can protect themselves from this threat.