A denial-of-service attack, most often seen today in its distributed form (DDoS), has been a thorn in the side of Internet businesses and organizations since at least 1999. A DDoS attack is easy to launch: technically inexperienced people can rent the necessary infrastructure and systems from commercial hackers by the day, hour or week at affordable prices. A strike can be extremely effective, and attackers adapt to countermeasures as those countermeasures are developed.
At one time, only large organizations had reason to fear denial-of-service attacks. Today, they can affect businesses of all sizes. Across a spread of small and midmarket companies, cybersecurity software vendor Kaspersky Lab found that the average cost per incident was $52,000. These expenses included hiring consultants, recovering from temporary data-access loss and spending on infrastructure or software after the fact. DDoS has been used as an extortion method, a form of public protest by so-called hacktivists, a part of international political campaigns and a way for disgruntled employees to cause trouble.
A major disruption like DDoS can make it impossible to run normal operations or transact business as usual. An attack can take out entire networks and the systems that depend on them, which has a wider impact than simply seeing a customer-facing website crash for a few hours. Here's how to approach an attack when it happens.
Understand the Subtleties
A denial-of-service attack is a class of cyber exploit, not a description of a single activity. Some versions flood a target with pings, the simple remote probes normally used to check whether a resource is available. Others open connections to servers and never finish the request, leaving the server holding those connections open while it waits for input. Still others abuse unsecured Internet infrastructure servers, bouncing traffic off them to flood a system. Your IT department should consider all the potential variations when preparing a reaction.
Be Ready
Although there are always steps an IT department will have to take during an attack, few companies have the infrastructure or technical resources to handle a large-scale DDoS strike by themselves. You need specialized knowledge, adequate network bandwidth and the computational capacity to help stave off the incident. Research and find potential vendors and service providers ahead of time so they are in place in case an attack occurs. This may include firms that can remotely monitor and address issues or that can redirect traffic through their own systems to divert the attack and allow for normal business. If you don't host your own servers or websites, you'll also want to know how to reach your host's or ISP's security team in an emergency.
Ensure that your infrastructure is designed and tested to withstand DDoS attacks to the highest degree possible. Have a clear understanding of what normal activity is so you'll know when something unusual happens. Also, understand that the IT department will need a sufficient budget.
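Knowing what normal looks like only helps if something is measuring it. The script below is an added example, not code from the article or from NCMM: it learns a per-minute request baseline from a quiet period and flags minutes that exceed it, reporting how many distinct clients were involved (a rough hint of whether the traffic is distributed). The log lines are constructed to mimic a minimal access log, and the function names and thresholds are this example's own choices.

```python
"""Added example (not from the article): a request-rate baseline check.

Log lines are constructed here in the shape "<ISO timestamp> <client IP> <request>".
In practice they would come from the web server's access log or a flow collector.
"""
from collections import Counter, defaultdict
from statistics import median


def build_sample_log():
    """Constructed sample: ten quiet minutes, then one minute of flood traffic."""
    lines = []
    quiet_clients = ["203.0.113.10", "203.0.113.11", "198.51.100.7"]
    for minute in range(10):
        for i in range(4 + (minute % 3)):          # 4, 5 or 6 requests a minute
            ip = quiet_clients[i % len(quiet_clients)]
            lines.append(f"2024-01-01T10:{minute:02d}:{i * 9:02d} {ip} GET /index.html")
    # Flood minute: many requests from many distinct addresses (documentation range).
    for i in range(120):
        ip = f"192.0.2.{i % 200}"
        lines.append(f"2024-01-01T10:10:{i % 60:02d} {ip} GET /login")
    return lines


def bucket_by_minute(lines):
    """Return {minute: (request_count, distinct_clients)} from log lines."""
    counts = Counter()
    clients = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue                       # skip malformed lines rather than crash
        ts, ip = parts[0], parts[1]
        minute = ts[:16]                   # "YYYY-MM-DDTHH:MM"
        counts[minute] += 1
        clients[minute].add(ip)
    return {m: (counts[m], len(clients[m])) for m in sorted(counts)}


def detect_spikes(per_minute, baseline_minutes=10, k=4.0, floor=10):
    """Flag minutes whose request count is far above the learned baseline.

    Baseline = median of the first `baseline_minutes`; spread = median absolute
    deviation (robust to a few odd minutes). A minute is flagged when its count
    exceeds baseline + k * spread; `floor` stops alerts on tiny absolute changes
    when the baseline is nearly flat. Thresholds are illustrative choices.
    """
    minutes = list(per_minute)
    base = [per_minute[m][0] for m in minutes[:baseline_minutes]]
    if not base:
        return []
    centre = median(base)
    spread = median(abs(x - centre) for x in base)
    threshold = max(centre + k * spread, centre + floor)
    flagged = []
    for m in minutes[baseline_minutes:]:
        count, distinct = per_minute[m]
        if count > threshold:
            flagged.append({"minute": m, "requests": count,
                            "distinct_clients": distinct, "threshold": threshold})
    return flagged


if __name__ == "__main__":
    for hit in detect_spikes(bucket_by_minute(build_sample_log())):
        print(f"{hit['minute']}: {hit['requests']} requests from "
              f"{hit['distinct_clients']} clients (threshold {hit['threshold']:.0f})")
```

The baseline uses a median and median absolute deviation rather than a mean and standard deviation so that one or two odd minutes in the training window do not inflate the threshold; in a real deployment the quiet window would be learned over days, per endpoint, and the alert would feed the communication and vendor-escalation steps the article describes rather than stand on its own.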
Employ Several Solutions
Because there are multiple types of DDoS attacks, your company should be ready with a portfolio of tools and approaches for defense. This is where expertise comes into play, because you cannot know in advance the structure of the attack and how to counter it. An attack may come in multiple waves, with each one structured differently. You might be able to block off certain types of traffic at your network's firewall, but later it might be necessary to bring more capabilities, possibly through a cloud services provider, into play. Certain types of attacks might lend themselves to a filtering process in which you redirect traffic to a vendor that identifies and diverts likely problems while passing legitimate traffic to your servers.
Cloud services that can scale your capacity as traffic grows are important. Monitor the flow of incoming traffic and increase resources to match it, but scale those resources back down slowly in case the attackers try multiple waves.
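The "up fast, down slowly" rule is a small piece of control logic, and getting it wrong means the second wave hits a freshly shrunk fleet. The controller below is an added example of that rule, this example's own design rather than code from the article, any cloud provider or NCMM: it adds capacity the moment demand exceeds what is provisioned, but releases one unit only after a run of calm ticks, and the traffic sequence it is driven with is constructed.

```python
"""Added example (not from the article): asymmetric scale-up / scale-down.

`WaveAwareScaler` is a hypothetical controller; its parameters (unit_rps,
headroom, hold_ticks, step_down) are this example's own, not a real API.
"""
import math


class WaveAwareScaler:
    """Add capacity immediately, release it slowly so a second wave lands on a still-large fleet."""

    def __init__(self, units, unit_rps, headroom=1.5, hold_ticks=5, step_down=1, max_units=100):
        self.units = units              # currently provisioned capacity units
        self.unit_rps = unit_rps        # requests/sec one unit can serve
        self.headroom = headroom        # over-provision factor on top of observed load
        self.hold_ticks = hold_ticks    # calm ticks required before releasing capacity
        self.step_down = step_down      # units released per calm interval
        self.max_units = max_units      # hard ceiling (budget / quota)
        self.calm_ticks = 0

    def desired(self, rps):
        """Units needed to serve `rps` with headroom, never fewer than one."""
        return max(1, math.ceil(rps * self.headroom / self.unit_rps))

    def step(self, rps):
        """Feed one observation of incoming traffic; return the new unit count."""
        want = self.desired(rps)
        if want > self.units:
            self.units = min(want, self.max_units)      # scale up at once
            self.calm_ticks = 0
        elif want < self.units:
            self.calm_ticks += 1                        # only count sustained calm
            if self.calm_ticks >= self.hold_ticks:
                self.units = max(want, self.units - self.step_down)
                self.calm_ticks = 0
        else:
            self.calm_ticks = 0
        return self.units


def simulate(traffic, **kwargs):
    """Run the controller over a list of per-tick request rates; return units per tick."""
    scaler = WaveAwareScaler(units=2, unit_rps=100, **kwargs)
    return [scaler.step(rps) for rps in traffic]


if __name__ == "__main__":
    # Constructed traffic: calm, first wave, calm, second wave, calm.
    traffic = [100] * 3 + [1000] * 3 + [100] * 6 + [1000] * 2 + [100] * 5
    print("slow release :", simulate(traffic))
    print("instant drop :", simulate(traffic, hold_ticks=1, step_down=100))
```

Run with the constructed trace, the slow-release controller still holds 14 units when the second wave arrives, while the instant-drop variant (hold_ticks=1, a large step_down) has already fallen back to 2 and must scale from scratch. The hold period and step size are the knobs to tune against the cost of idle capacity.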
Ready Communications
You don't want to create panic or scare customers or business partners, so you won't necessarily want to say anything about an attack. But be ready to enact a crisis communications plan. In addition, know what regulatory implications there might be and have the appropriate legal help on hand if necessary.
Does your company have a cybersecurity budget in place? How much of your resources have you allotted and how did you determine what to spend? Tell us by commenting below.
Erik Sherman is an NCMM contributor and author whose work has appeared in such publications as The Wall Street Journal, The New York Times Magazine, Newsweek, the Financial Times, Chief Executive, Inc. and Fortune. He also blogs for CBS MoneyWatch. Sherman has extensive experience in corporate communications consulting and is the author or co-author of 10 books. Follow him on Twitter.