While all cybersecurity threats are on the rise, one form of attack has a long history of wreaking havoc. The first-ever Distributed Denial of Service (DDoS) attack in 1974 was the work of a 13-year-old student. And in 1996, DDoS was first used as a commercial weapon when New York-based internet service provider Panix was targeted by a hacker using a spoofed IP address to overwhelm the company’s servers with fake “synchronize” packages. These early DDoS attacks functioned much like the modern versions, shutting down your network, servers, or sites by sending vast amounts of data that overwhelm targeted systems.
Fast-forward to today, the attacks are more complex and consequential now that ransomware is part of an attack (RDDoS), for example the Colonial Pipeline attack. The retail, healthcare, education, and financial services sectors all had a spike in DDoS attacks in the last year. According to Radware’s recently released Quarterly DDoS Attack Report, escalation in DDoS attacks with the volume of attack attempts are up 31 percent in the first quarter of 2021. Damages from cyber-attacks are expected to hit $6 trillion by the end of 2021.
With these threats in mind, I wanted to discuss how to prevent a distributed denial of service (DDoS) attack before it happens and how to prepare for the impacts of a successful attack.
1. Invest in advanced prevention technologies
Prevention starts with putting advanced hardware and software security solutions in place that are up to the task of stopping as many threats as possible. That includes vital intrusion prevention and detection controls. Consider a next-generation behavioral-based system that triggers an alarm when it identifies abnormal system activity. It’s equally important that you keep these prevention technologies—and all of your hardware and software—correctly configured, tuned, and up-to-date with the latest patches. We also suggest you take some time to learn about common cybersecurity threats and how to protect against them. You might also want to consider a 1:1 cybersecurity workshop to help assess your security posture and close security gaps.
2. Build in redundancy
Imagine that you depend on a single circuit for your applications, data center, and other systems. If that connection is taken down by a DDoS attack, your business will come to a screeching halt. That’s why you need to build in redundant systems throughout your environment. Attacks can come through the network layer and the application layer, so it’s essential to look at redundancy throughout your tech stack. For example, server redundancy supports load balancing, so if an attack hits one server, you can use a second server to help reduce the impacts—or at least ensure you can recover. The same holds true for circuits. Redundant circuits are your insurance that if any of your connections are unavailable because of an attack, you can fail over to another circuit.
3. Design in resilience
Effective DDoS prevention practices are built on resilient network designs that include the first two items on this list. But it’s just as important to have an incident response plan in place so you can recover as quickly as possible if an attack is successful. You also need to test your plan, including developing the step-by-step process that covers impact and response assessment—and areas where improvements are required. It’s also worth reiterating just how important it is to have strong intrusion detection measures in place, because the sooner you are alerted, the sooner you can contain the damage.
4. Consider outside expert help
IT professionals already have a lot on their plate. Just keeping everything patched and up-to-date can be challenging, so it’s worth looking to outside experts to help you tighten your security strategy. These expert services range from assessing your internet router—or all of your hardware—configurations to help prevent attacks to a complete network design review. And, with an effective services partner monitoring your systems, you can be confident that you have the most advanced intrusion detection and prevention capabilities in place and that they are patched and up-to-date. Turning to outside help with ongoing monitoring, management, and maintenance of your security systems can be a critical step toward maximizing your resilience. External incident response services add another valuable layer of resilience that’s worth considering, too.
5. Move your network perimeter hardware to the cloud
Choosing a cloud-based DDoS protection solution provided by a managed security services provider (MSSP) ensures that your traffic is first scrubbed in the MSSP’s data centers, preventing an attack from overwhelming your data center. This approach also lets you get rid of network perimeter hardware because DDoS protections, network firewalls, and traffic acceleration are all delivered ‘as a service’. This can drive down your total cost of ownership (TCO) because you only pay for what you use, while increasing your agility by allowing virtual network functions (VNFs) to also be delivered as a service.
While DDoS attacks don’t get the headlines that ransomware attacks and social engineering schemes attract, they are still a big part of the cyber-attack landscape. Just check out Google’s Digital Attack Map, where you’ll find the top DDoS attacks worldwide. Click on the animated historical attack map, and the massive size of the problem will be evident.
I hope these tips have helped you better understand the cyber threats facing your industry, like DDoS attacks, and ways to minimize the disruption and damages to your business.
Thank you for trusting us to help with your cybersecurity needs. Contact us any time—we’re always happy to help.
Jon
