By Ben Simmons
Commenting on research that has detected DDoS attacks being used as a competitive weapon, infosecutiry discuss the implications of the growing trend.
Europe show say this is a new attack trend that will have many IT security managers on this side of the Atlantic worried.
David Rowe, CISSP, member of the Infosecurity Europe Advisory Council and Head of Business Services for Reed Exhibitions - the organisers of the show, which is held 24th -26th April at Earls Court, London — says that the use of DDoS attacks as a business weapon is a new trend that has not been seen before in the security space.
“As we saw with the Arbor Networks denial-of-service report of last month, most security threats tend to originate from the cybercriminal side of the fence, but this survey of US companies shows us that DDoS attacks are a weapon being used by less scrupulous business competitors,” he said, adding that with more than a third of US companies being hit by a DDoS attack in the last 12 months, the threat of distributed denial of service attacks clearly cannot be ignored.
What is staggering, however, is the discovery that 52 per cent of the US companies surveyed blamed their competitors - rather than hacktivists or cybercriminals for their problems - he went on to say.
Against this backdrop, the Infosecurity Europe head of business service says that there may now be a need to adapt an organisation’s DDoS defence and remediation strategies.
Most IT security deployments, he explained, have been built on the premise that the cybercriminals and hackers are looking to monetise their frauds, meaning that the defences are primarily designed to keep the attackers out of the IT resource. If the aim of the attack is purely to bring the organisation’s Web site and allied Internet systems to a grinding halt for commercial reasons, then a different strategy may be required.
Reviewing and reworking a company’s IT security strategies — especially when it comes to DDoS remediation — is a complex task, says Rowe, who adds that the company concerned needs to examine the profile of the people behind the threat, and develop its security strategies accordingly.
The good news, he explained, is that the free Infosecurity Europe show education programme — which is second-to-none in the industry — has a number of seminars planned that will assist those IT security professionals who are concerned about the possibility of a competitor DDoS attack, and want to learn about the security strategies required to defend against them.
One of the events in Technical Theatre — entitled `Modern-Day NAC: A Tale Of Two Users Experiences From Testing To Deployment’ — will see a leading panel that includes Bob Tarzey, an analyst and director with Quocirca; a technical director with NHS Sussex; and the director of IT services and development with Wellington College, giving their views on network security.
“Anther useful event will be another Technical Theatre presentation — this time entitled `Improving Network Visibility & Keeping Pace with a Rapidly Expanding Network’ — with Lancope’s CTO and a senior network development officer with the University of Leeds, looking at the modern network and how to defend it,” he said.
“Whilst it’s clear that there are number of new and emerging threats to an organisation’s digital data threats, there are a range of solutions available to counter those threats. It is new threat issues such as competitor DDoS attacks that the professionals at the various educational sessions at the Infosecurity Europe show next month will address,” he added.
Join us on