10 Ways Enterprises Can Best Prepare for DDoS Attacks

by Chris Preimesberger

While it may seem obvious, IT decision-makers must continually absorb as much knowledge as possible. A global survey by BT of IT decision-makers in large organizations found that organizations tend to review their DDoS response plan on average every 16 months, but any IT security expert will tell you that threats are evolving far more rapidly than that. Companies must understand who is behind today’s attacks, their latest tactics, what industries are most vulnerable, what impact it could have on the business and so on.

IT security professionals should incorporate threat awareness and education into their long-term strategy with executives. Cyber-criminals are constantly evolving and adapting their tactics, and organizations need to be sure that their prediction and protection matches pace. Read blogs, follow news stories and contribute to the conversation; then disseminate key information throughout the organization to maintain executive buy-in. BT’s research shows that only 31 percent of CEOs have an in-depth understanding of what a DDoS attack actually entails.

BT’s survey showed that the ongoing high-profile threat of DDoS from so-called “hacktivists” has resulted in 50 percent of IT decision-makers globally changing their organization’s approach to corporate social responsibility (CSR). Companies should monitor social media and take note of inflammatory postings about their CSR efforts; stay informed of controversial political or social injustice overtones; be aware of attacks on competitors or partners in a similar vein; and don’t ignore threats of attacks as part of blackmail or extortion.

Downtime can cause a big impact on finances, as well. BT’s survey shows that, on average, approximately $48,000 was lost as a result of a single DDoS attack, and most organizations that were targeted were hit at least twice in the same year. IT decision-makers should partner with their companies CFOs to analyze the financial impact of slow network performance or downtime on the business. How much revenue could be lost? What is the cost to get up and running again? Could there be a material impact on the brand?

Organizations are reviewing their IT security measures and defenses every 14 months, on average. When doing these reviews, companies must work with all areas of their organizations to update plans and mitigate attacks. From the boardroom to the server room, there are stakeholders who need to be aware of the response plans and understand the impact on their area of the business.

BT research shows that 30 percent of IT decision-makers believe that their organization’s main vulnerability to DDoS attacks is from the company Website. Similarly, 22 percent believe that the company intranet is their main vulnerability, while only 10 percent believe this lies with the email server. Organizations need to evaluate their network and endpoint security to identify critical vulnerabilities and then dedicate resources to closing those gaps. Implement firewalls, load balancers and intrusion prevention and detection devices to start, and find specialized DDoS protection solutions from established players in the industry if needed.

The BT research also shows that only 49 percent of IT decision-makers are able to identify the source of a DDoS attack on their organization. If a company is unable to identify the source, it is extremely difficult to plan strategies for recovery. In order to prevent this, organizations need to know their vulnerabilities and ensure they are able to safely defend any concerted attacks on these areas. Ensuring there is a robust and continuously viewed defense and mitigation system in place is a key part of business continuity and disaster recovery strategies.

Because DDoS attacks can be extremely large, requiring dedicated networks and massive amounts of time and effort to mitigate, IT leaders should research the option of outsourcing DDoS protection to a specialist provider with additional bandwidth and expertise. Forty-nine percent of IT decision-makers surveyed by BT say that they need outside assistance to help them protect their IT estate against DDoS attacks.

Identifying attacks early on is critical for prevention. IT decision-makers should be largely familiar with their organizations’ in-bound traffic profile and should be alert to any sudden or unexpected changes. Having the appropriate detection and mitigation capability in place to help visualize this can be a huge help to security analysts as big influxes of data will appear as a “spike” on-screen and immediately be flagged.

Organizations must have adequate contingency plans in place, especially if they rely on an online presence or connectivity for operations. BT research shows that, on average, it took organizations 12 hours to fully recover following their most significant DDoS attack—more than a full working day. In industries such as financial services, losing an entire day’s trading from a downed Website would cause significant financial damage. Similarly, service-based companies need to also consider reputational damage, such as if a bank’s customers were unable to access funds for an entire working day.