On Tuesday I headed down to Kensington Olympia to catch one of the Tech Talks at Infosecurity Europe. The session was about how to plan and prepare for a distributed denial-of-service (DDoS) attack – something that seems to be harder than navigating your way to Kensington Olympia. The reason I say that? On the same day, Nexusguard announced that the frequency of DDoS attacks was up by 380% in the first quarter of 2017, compared to Q1 2016.
If you keep up with tech news you’ve probably become a bit desensitised to the number of DDoS attacks nowadays. They happen time and time again. And while the stories don’t stop, we still see companies waiting until after an attack to act.
With lengthier attacks at erratic levels becoming the norm, it’s critical that organisations develop a DDoS attack response plan.
As part of the Tech Talk, activereach shared its tips on how to develop such a plan:
You can’t protect what you’ve failed to test
As Raza Rizvi from activereach pointed out, you wouldn’t buy a car without testing the brakes first. And yet organisations are taking that risk, which could prove to be fatal: lost sales, damaged reputation, the list goes on. Testing is the only realistic way to mitigate the many different types of threat.
Have a clear Runbook for staff
A Runbook is a manual created to assist IT employees so they know how to combat a DDoS attack. Ensuring that staff know what to do in the event of an attack is essential. Without a Runbook, staff may waste valuable time escalating the problem to find out who even runs the infrastructure that is under attack.
Understanding the attack surface
To prevent malicious traffic on your site you need to understand your attack surface. Hackers will look for possible attack vectors to break into a network and sneak out data. A network attack surface can be reduced by restricting the type of traffic that can reach your applications. The lesson: to minimise unwanted intrusion, you first need to understand what exactly on your network is accessible to the internet.
Get to know your likelihood calendar
DDoS attacks seem to happen at the worst of times – and that’s no coincidence. eCommerce sites are particularly vulnerable here. From Black Friday and Cyber Monday, to the Boxing Day sales, hackers will target their victims at peak times when site traffic would typically be skyrocketing. The result: huge costs, angry customers, and possibly loss of sales to competitor sites. Understanding your likelihood calendar can help you to anticipate when an attack might happen.
With the number of DDoS attacks increasing and becoming more brutal, there is little excuse for organisations that fail to prepare. Just like your mum would say, failing to prepare is preparing to fail.