Organisations tend to focus heavily on ensuring the confidentiality and integrity of their business processes and data, and invest in redundant infrastructure and disaster recovery planning. But they often miss the elephant in the room and the primary threat to service availability: distributed denial of service (DDoS) attacks.
According to Arbor Networks’ latest Worldwide Infrastructure Security Report (WISR), DDoS attacks are continuing to grow in size, complexity and frequency – with nearly half of businesses experiencing a DDoS attack last year.
With financial services being in the top five most commonly targeted verticals, DDoS represents a significant business risk. This makes it all the more surprising that recent research from the Ponemon Institute indicated that only 48% of financial services organisations felt that they had solutions in place that could contain the DDoS threat.
According to Market Watch, financial companies are now facing threats from hackers who understand that many of the online services provided by the financial community are an absolutely critical part of the economy.
Online banking portals, clearing interfaces and trading applications are all essential, and in some cases attackers are holding organisations to ransom with threats to knock services offline.
Attackers realise that DDoS attacks can be both disruptive and damaging to a brand – the recent attack on NatWest being a good example – and attacks can be launched easily, making them accessible to anyone with even a little bit of motivation.
There are many different motivations behind DDoS attacks today. Extortion is one of them, but organisations must not forget ideological or geopolitical hacktivism and the growing issue of DDoS being used as a smoke screen for other cybercriminal activities.
There is a growing trend for attackers to use DDoS as a distraction during either malware infiltration or data exfiltration, with the recent Carphone Warehouse breach allegedly being an example of this.
Given the above, it is important to make dealing with a DDoS attack as streamlined as possible from an operational perspective. DDoS can be defended against – and, with the right services, solutions and processes, cost-effectively – without jeopardising other aspects of security.
To ensure protection from the DDoS threat, organisations need multi-layered DDoS defence. Solutions that utilise a network perimeter component integrated with a cloud-based DDoS protection service are widely seen as offering the best protection.
The network perimeter component can deal with both stealthy, sophisticated attacks and smaller volumetric attacks – meaning proactive protection, zero downtime and no requirement to re-direct traffic to a cloud service.
For higher-magnitude attacks, the cloud-based service can be invoked, sometimes automatically, by the network perimeter device or customer so that the attack traffic can be diverted and cleaned away to maintain availability and reduce the risk of a costly outage.
As well as using the right services and solutions, businesses should also ensure that they have a plan in place to deal with a DDoS attack. Ideally this plan should be documented and regularly exercised so that everyone involved in the communication, activity and escalation around an attack is familiar with the process. This can reduce stress during a ‘real’ attack and ensure the best possible outcome.
For many organisations in the financial sector, DDoS attacks are now a frequent reality and being prepared a necessity. For those lucky enough not to have been targeted yet, it is likely a case of ‘when’ rather than ‘if’ this will happen in the future.
Sourced from Darren Anstee, chief security technologist, Arbor Networks