DDoS attacks – surviving the crippling smokescreen

DDoS attacks (Distributed Denial of Service) are a longstanding and well-known cybersecurity threat – and they’re on the rise. They involve using a lot of online devices to swamp a website with fake traffic, stopping the site from functioning, like a frying pan to the face.

In Part 1 of this article, we sat down with Kev Eley, Vice President of Sales, Europe at LogRhythm, a company specializing in cybersecurity, to find out the potential reasons behind the rise in DDoS attacks – and how companies can avoid the devastation, hassle and expense of being hit by them.

While we had Kev in the chair though, we asked him what happens if your organization does get hit with DDoS attacks – and what you should do in those circumstances.

A case of “When,” not “If.”

THQ:

Say a business gets hit with a DDoS attack. What’s the procedure? How do you manage it? How do you mitigate it? How do you minimize its impact in terms of length of time that it goes on?

KE:

To be honest, it’s probably a case of “When” this happens, rather than “If” this happens.

Most organizations will at some point have to mitigate a DDoS attack. So anticipation is probably the key thing. Understand that it’s probably a case of “When,” rather than “If” this happens to you – because that will necessitate thinking about it in advance, and making useful preparations for when it happens.

Sure, as we discussed in Part 1, there are things to do to avoid DDoS attacks, and obviously, you should do those as a matter of urgency. If nothing else, that narrows the window on when, and how regularly, DDoS attacks are a feature of your business’ life. Swift detection is absolutely paramount when it comes to mitigating a DDoS attack. Being able to understand that this is happening or about to happen is Step 1 in minimizing the impact.

And getting reliable information about the attack fast is Step 2. You need to understand the nature of the attack,. What sort of DDoS attack it is – is it an application layer or a network layer attack? Then, of course, there’s a range of mitigations that can be put in place quickly, in order to ensure that service is not disrupted. And once you’ve dealt with it, it’s important to learn the lessons of what happened, and why it happened.

Having an inventory of the applications and websites that could be ripe for targeting is useful, and having a log of previous DDoS attacks too, so that when you get intelligence that an attack is about to happen or is underway, and you learn what type of attack it is, you can react more rapidly and deploy the right mitigations faster. And also so that you can put controls in place around both the sites and apps that are most likely to be attacked, and the ones that are most critical to your business continuity.

THQ:

It’s 2023 – DDoS attacks are absolutely going to hit you, but prepare well, get fast, reliable data, and deploy the right mitigations, and they shouldn’t be a business-killer?

The state of cyber-hygiene.

KE:

Exactly, yes. And of course, cyber-hygiene is important all year round, and that can reduce the potential vulnerability of your sites and systems too. You know, if an attack does occur, then if you’re practicing good cyber-hygiene, you have high availability, disaster recovery, and regular backups of critical data, with the appropriate administrative rights in place.

Get good, robust cyber-hygiene procedures in place, and practice your DDoS response relatively often, so you’re trained, like a kind of muscle memory, for when it happens in real life. That way, you have your scenario planning as a level of instinct, and can move faster to shut down DDoS attacks – ideally before your sites and your apps are…

THQ:

Hit by a frying pan in the face?

KE:

Compromised.

THQ:

So it’s like a fire drill? You don’t want the first time you have to know what to do to be the time there’s an actual fire?

KE:

Exactly. If you’ve never run through the procedures and policies for what needs to happen in the event of a DDoS attack, and you’re suddenly learning them right at the point in time when they’re needed, you’re going to be slower than you should be in responding to the threat.

It’s good to talk.

That means you also have to have a communication plan in place. Communication to stakeholders, communication internally within an organization and with the Board of Directors, but also, communication with any necessary regulatory authorities that, come a DDoS attack, you need to report to.

THQ:

And then your friendly neighborhood media?

KE:

If it’s very high profile, then there’s clearly a media aspect to it as well, yes. Being able to understand and apply solid communication principles to all of the stakeholders that are impacted by this is also really important.

THQ:

So essentially, knowing as much as possible about the attack, as early as possible, having the right mitigation tools on hand to deal with different types of DDoS attack, having regular training to hone staff instincts on what to do when a DDoS attack hits, and then having strong, clear communication protocols is the fundamental prescription for dealing with DDoS attacks.

KE:

Definitely, yes.

A sense of unreadiness?

THQ:

We were struck by the statistic in the recent ThoughtLab study that 40% of CSOs (Chief Security Officers) don’t believe their organizations are prepared to deal with DDoS attacks. That’s worrying. So how do you build customer confidence against that background?

KE:

There’s a degree of report-fear there. Customers, whether it’s a business to business scenario, or whether it’s a business to consumer scenario, are much more aware of these types of cybersecurity incidents than they used to be, and whenever an incident takes place, it’s high profile and it’s covered in the media, and it does affect confidence.

We’ve often seen organizations choose to implement better detection and response as a result, but part of the driver is a supply chain aspect where the organization’s customers are increasingly seeking to understand the nature of controls, tools, and technologies that are in place. We recognize that cybersecurity and information security within an organization is really important and should be seen as a technology enabler rather than a technology blocker.

We undertook some research recently and one of the questions that we were seeking to understand was the impact of not having cybersecurity controls in place on an organization’s business.

67% of the companies that we interviewed in the process told us that they’d lost deals, they’d lost business because of a low confidence in the cybersecurity strategy and the information security strategy of their business.

Honesty is powerful.

So I think an organization discussing the policies they have around information security is really important. Being able to explain to customers and stakeholders some of the positive measures they can take with respect to the protection of customer data before proactively deploying comprehensive security tools, and also informing customers of the measures that they’re taking to protect customers data, can really help to calm customers and engender greater confidence.

THQ:

Rather than just saying “Trust us,” explain “This is why you should trust us”?

KE:

Exactly.

Organizations can’t brush DDoS attacks under the carpet. If an attack takes place, communication and transparency is really important. If the organization doesn’t act that way, it’ll have an even greater detrimental effects on its reputation. And similarly, if it communicates openly about its policies before a DDoS attack takes place, it shows foresight and honesty, rather than fear and secrecy. That has to be good for business, no?

Besides, we’re working in a world where organizations are relying on technology to run their businesses.

Given that that’s the case, and given that the technology that underpins critical customer-facing systems or citizen-facing systems is so important, cybersecurity has to be a priority for businesses.

It has to be taken seriously.