2014 is already off to a great start for cyber risk pundits. Last year, experts at large firms like Booz Allen Hamilton and small firms like the UK-based Stack Group predicted that distributed denial of service (DDoS) attacks would become an even bigger problem in 2014. By January 3, hackers had already launched DDoS attacks on major gaming servers. With 362 days remaining in the year, you might see them get around to attacking your company, as well.
Understanding the DoS / DDoS Cyber Risk
A denial of service attack happens when a hacker uses a computer to send enough traffic to another computer to tie it up and interrupt its operations. Distributed denial of service attacks happen when hackers use multiple computers to clog up the one computer. Frequently, they do this by creating a “botnet” of computers that are compromised by malware and can be used to attack on demand.
DDoS attacks might not seem that damaging compared to other types of cyber risk. In a DDoS attack, the criminals attacking your systems aren’t directly breaking in, aren’t copying your data, aren’t deleting it and aren’t changing their computer. They’re just overwhelming it so that no one can get to it.
However, being denied service is a real problem. It means that your employees can’t get into the server to access the information that they need to do their jobs. Prospects can’t get into your systems to research what you offer and can’t complete transactions to buy your products and services. Existing customers can’t access support or, if you sell an online service, can’t access the services they paid for. Furthermore, the DDoS attack can burn up your bandwidth and make it hard for you to use systems that aren’t being attacked but that share bandwidth with the compromised ones.
DDoS attacks were once the purview of hackers that did them as pranks or personal project. Then, they became tools of hacktivists that used them to protest against companies or government agencies that met their ire. Next, a cyber risk tied to terror came into play as groups like the Izz ad-Din al-Qassam Cyber Fighters, who were linked to Iran, started to attack financial services companies. Now, DDoS attacks can be bought and sold on the black-market, making them available for commercial applications as well.
Defending Against the DoS/DDoS Cyber Risk
Once, good network security was enough to protect your company against DDoS attacks. Having a strong firewall and intrusion protection system coupled with having extra bandwidth coming in and out of your data center just in case was enough to either repel denial of service attacks or reduce their impact to a point where it was not damaging to the business. However, the larger scale of today’s attacks is changing the environment.
New network technologies, such as cloud-based filtering, can help to reduce the chance that a DDoS attack gets through and affects your company’s data and operations. Adding cyber risk coverage to your company’s business insurance policy can also ensure that you have the financial backing to limit the harm that you suffer if an attack gets through. While it might be hard to predict whether or not any given company will be the victim of a devastating DDoS attack in 2014, you can be sure that 2014 will see multiple attacks across the Internet and that the rate will continue increasing as it has done in the past.