01/10/2012

By Susan Warner, DNS and DDoS Mitigation Market Management, Neustar

DDoS, the denial of service attack which can cripple websites, email servers and, in fact, any piece of internet-connected infrastructure isn’t something which has been short of attention in the news recently.

Organisations like Anonymous and LulzSec have become online celebrities for all the wrong reasons. Only earlier this month, mi5.gov.uk was hit by a DDoS attack and last month Justice.gov.uk was hit by Anonymous to highlight the Ministry of Justice’s lack of independence from political interference, but it’s not just government bodies which are under attack. DDoS attacks on company websites have become more common and it is widely agreed that these sorts of attacks now occur thousands of times a day: a scary thought when just one attack can have such a devastating impact on a business.

The company I work for, Neustar, is a technology security specialist that spends a great deal of time fighting these very threats. We recently surveyed 1000 IT professionals from 26 different industry sectors to better understand their experiences with DDoS attacks. One of the most shocking statistics uncovered was that 65% of companies reported that they were losing on average £6355 per hour when their sites were taken down. But it’s not just revenue which is at stake, attacks can also seriously harm your brand.

One of the key problems is simply lack of awareness. Businesses are often unaware of the risks they are opening themselves up to when they haven’t effectively evaluated their security settings.

Think of this in terms of an insurance policy which hasn’t been carefully assessed before you select it. Let’s say you’ve taken out insurance on your new home and you have covered yourself against any potential risks to your property, for example, a fire, burglary or water damage.

Then one day your house is flooded and you think that your homeowners insurance offers protection against the damages but it only covers damage from certain types of water damage which don’t include the damage you have incurred.

This works in the same way with DDoS attacks, businesses often have misconceptions when it comes to the extent of their online protection and this can leave them open to major consequences.

One of the main myths which companies are often under the delusion of is that your internet service provider will protect you from a DDoS attack. In actual fact, if you’re under a DDoS attack, your service provider is also under threat so you’ll find that you’ll most likely be taken offline to protect other customers. Another is that your firewall or an intrusion detection system will protect your website against attack. Firewalls often become the source of attack during DDoS attacks and intrusion detection systems often become targets of attacks. During a DDoS attack, firewalls can go down faster than the servers they are there to protect; they often become bottlenecked, which results in your service being shut down.

It is a good time to take steps to evaluate the type of protection your company has in the event of a DDoS attack.

Attacks are no longer uncommon and an attack can cost your businesses in more ways than one. Not only have businesses calculated that a DDoS attack would cost them on average £6355 an hour, but over a third of businesses we questioned who have been victims of an attack reported that the attack had lasted over 24 hours. This has a direct impact on revenue while also having an impact on the reputation of your businesses when customers go to your website expecting information and instead seeing the dreaded “502 Bad Gateway” screen. Out of all the companies questioned, 76% of them reported that their greatest fear about being attacked is the impact of customer experience or brand and your website being shut down for an extended period of time will have a considerably negative impact to your reputation.

This damage can be easily prevented by investing equally in DDoS mitigated hardware and expertise. Cyber-attacks change and develop all the time and it is the combination of the best hardware and the experience and expertise of a DDoS mitigation professional which offers the best protection from ever-evolving attacks.

Now is the time to wake up, stop assuming you’re covered and have a good look at your security because when it comes to protecting yourself from DDoS, apathy can be the biggest risk you take.