The global cyber-security threat landscape is evolving – rapidly – bringing new challenges for businesses of all kinds. The connected world is key to everything we do, and an interruption to our access can have far reaching consequences. DDoS attack is the primary threat to the availability of Internet connectivity and it continues to evolve.
In February of 2018 the size of the largest ever recorded DDoS attack more than doubled, rising from around 800Gbps in 2016 to 1.72Tbps. This year has opened the door to the terabit era of DDoS.
While this is undoubtedly a worrying sign, attacks of this magnitude are not the main cause of concern for most businesses. What is more concerning is the growth in overall attack frequency, and the increase in the use of more sophisticated DDoS attacks that can’t be effectively dealt with by single layer defences.
According to Netscout Arbor's 13 th Worldwide Infrastructure Security Report (WISR), in 2017 there was a 20 percent increase in the proportion of enterprises seeing the most sophisticated multi-vector attacks, and a 30 percent increase in those seeing stealthy application layer attacks. Both of these attack types usually require best- practice, layered or hybrid DDoS defences if they are to be dealt with without business impact.
The more digital – the more vulnerable
Businesses are investing in new technologies, aiming to improve operational efficiency and increase agility and flexibility. Many are creating new, digitally powered business models that would not have
been possible in the past. However, the business benefits we have seen from the adoption of Cloud and SaaS, do come with a down-side; maintaining visibility and control across our infrastructure has become more challenging, making it harder to manage risk.
Underpinning all of our business activities is reliable communication between networks, applications, services, machines and people. Attacks which target the reliability of communications at any of these
levels can have a significant impact on our day-to-day activities.
What is at stake?
Quantifying the risk and impact of a service outage for an enterprise is key if we are to invest appropriately in our defences. Revenue impact is often front of mind when a cyber-attack is considered,
and, businesses are right to be concerned. The WISR revealed that revenue loss due to DDoS nearly doubled in 2017, with 56 percent of attacked businesses experiencing a financial impacts of between US$ 10,000 and US$ 100,000 (£8,000 to £80,000).
However, the true costs stretch much further than simply revenue impact. There is the damage to a company’s brand and customer trust that will show up down the road in the form of lost business. In
fact, more than half of organisations surveyed in the WISR cited reputational and brand damage as the most significant business impact of a DDoS attack, with operational expenses in second place, both ahead of revenue loss.
Rising C-level awareness
Cyber-security is changing, and it is increasingly a part of business risk management. Individuals all the way up to board level are aware of the consequences of a cyber-incident and over three-quarters of
enterprises now look at threats such as DDoS as a part of their business or IT risk assessment process.
This is encouraging as managing cyber-risk isn’t purely about technology – it is about identifying problems and determining the capability and process needed to address them. This leads to more
rounded investment and better reporting of efficacy. Moving cyber into business risk management has meant the approach enterprises take to protecting themselves has changed for the good – becoming
more aligned with a business’ overall goals.
The right defensive posture
In light of all of the above, it is becoming increasingly important for enterprises to select a defensive capability that best meets their needs. Not just technology, but also people and process. Starting from best-practice is key for successfully mitigating cyber-risks, and hybrid or layered defence is best in the case of DDoS.
A fully managed hybrid solution, integrating dedicated on-premise protection with cloud-based mitigation capabilities is widely considered best practice in DDoS defence. The on-premise component provides sufficient detection and mitigation capabilities to defend against the vast majority of attacks, including application-layer and state-exhaustion attacks, which target firewall, IPS and other stateful infrastructure.
The cloud component is needed to provide the capacity to counteract large volumetric attacks. In the hybrid scenario, the two components are intelligently integrated so that cloud mitigation is automatically activated and information exchanged when an attack reaches a designated threshold.
This allows the protected organisation to maintain control of their protection, obviating the need to permanently divert traffic through a cloud service.
Our reliance on the connected world has become almost absolute in business. As our threat surface expands, and the threats we face become more complex and more frequent, we need to ensure we
have the right defences in place.
Contributed by Darren Anstee, chief technology officer, Netscout Arbor.
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.