Digital transformation is sweeping across the enterprise, bringing obvious business benefits such as the move from CAPEX to OPEX, improved efficiency and unprecedented interconnectedness. But while digital transformation is expected to be the major driver for business in the coming years, every upside has a downside, and in digital transformation's case that means increased exposure to cyber threats. Since the massive move to the internet and digital platforms, distributed denial of service (DDoS) attacks, in which many compromised computer systems flood a target web address or server with traffic until it can no longer serve its legitimate users, have increased 125 percent year-over-year. And DDoS attacks are not only growing in frequency; they are growing in severity, duration and complexity. Businesses should therefore stay educated on DDoS threat trends and keep a few simple tools on hand for protecting their networks from such attacks.

While gaming and retail companies have been the major targets of DDoS attacks, financial institutions, public services and business service providers are also facing a surge of attacks. This has less to do with the ransoms attackers collect for calling off an attack (gaming and retail are known for large payouts) than with how easy DDoS-for-hire services are to obtain. All a would-be "hacker" needs is some Bitcoin, and they have everything in place to carry out a massive DDoS attack on a competitor, a nemesis, or really anyone they feel like causing grief. Dedicated defense tools exist for the wide spectrum of DDoS attack types, but a few simple actions on your own network can also help deter attacks, and keep your own devices from being conscripted to launch them.

  1. Know what’s connected: The saying “knowledge is power” applies nowhere better than in network security. With more devices, from Internet of Things sensors to BYOD laptops and phones, connecting to the enterprise network, it becomes harder to know what is connected and when, which devices hold which permissions, and, most of all, where those devices go and what they do after they leave the workplace. A device that picks up malware outside and then rejoins your network is exactly the kind of host that ends up in a DDoS botnet. With a network visibility tool in place, discovering what is connected and when becomes an automated, continuous process: there is no need to brief employees, contractors and visitors in advance, because the moment a device connects you can identify it, check its state and bring it into compliance.
  2. Automated controls: Vulnerable devices that have access to enterprise data but lack current firmware, anti-virus or the right security controls are the raw material of an attack. Take Local File Inclusion (LFI), an old but still relevant web application flaw in which an attacker gains unauthorized read access to local files on the web server: it is not a DDoS technique in itself, but a device compromised through a flaw like that is easily enlisted into the botnet that launches one. Automated compliance controls let system administrators turn inventory knowledge into action: set policies so that a device found to be vulnerable is immediately restricted and brought into compliance, or kicked off the network.
  3. Secure authentication: DDoS attacks exploit “loopholes” in internet security, above all the inherent weaknesses of the TCP/IP protocols the internet runs on, such as the lack of source-address verification that makes spoofing possible. While there is currently no alternative to TCP/IP, it is important to understand your architecture and how your servers communicate. Strong authentication does nothing against a raw volumetric flood, but it matters for application-layer attacks: if an attacker can create proxy accounts at will, or hammer your login, sign-up or password-reset endpoints until the system is overloaded, consider a different authentication method for your site, such as two-factor authentication or one-time passwords, and rate-limit those endpoints. Attackers will eventually adapt to higher authentication standards (as they already have in places), but at the moment these levels of authentication are harder to abuse, which makes secure authentication a good idea for all users, end users and employees alike.

Though there is little a single organization can do to stop DDoS attacks from spreading and proliferating in general (short of deploying a range of defensive tools, which, by the way, are each specialized for one of the dozens of DDoS attack forms), there are simple steps that system administrators can take to get their security posture in line. Once a baseline of normal network activity is established, suspicious deviations from it are easier to spot: a host suddenly sending far more traffic than it ever has, or a server suddenly receiving connections from far more sources than usual. That gives you the chance to isolate the offending devices, or engage your upstream mitigation, before the attack takes hold, rather than shutting the whole network down.
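As an added example (not part of the original article, and not Portnox's code), here is a small Python script that builds the kind of baseline the paragraph describes from a few minutes of flow records and then flags two deviations from it: an internal host whose outbound packet rate leaps far above its own history, which is what a device conscripted into a DDoS botnet looks like from inside the network, and a server of ours that suddenly receives traffic from many more sources than it ever has, which is what the incoming side looks like. All addresses, counts and network ranges are constructed for the example, and the thresholds (three standard deviations, a 5x ratio) are illustrative starting points, not tuned values.

```python
"""Added example (not from the article): baseline-and-deviation checks over
constructed flow records in the form  minute,src_ip,dst_ip,packets  per line."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL = ip_network("10.0.0.0/8")         # assumed: our LAN
OUR_SERVERS = ip_network("203.0.113.0/24")  # assumed: our public servers

# Baseline window: four quiet minutes of normal traffic (constructed values).
BASELINE_LOG = """\
0,10.0.0.5,203.0.113.10,120
0,10.0.0.7,203.0.113.10,80
0,10.0.0.9,203.0.113.10,100
1,10.0.0.5,203.0.113.10,110
1,10.0.0.7,203.0.113.10,90
1,10.0.0.9,203.0.113.10,95
2,10.0.0.5,203.0.113.10,130
2,10.0.0.7,203.0.113.10,85
2,10.0.0.9,203.0.113.10,105
3,10.0.0.5,203.0.113.10,115
3,10.0.0.7,203.0.113.10,75
3,10.0.0.9,203.0.113.10,98
"""

# Observation window (constructed): 10.0.0.9, an IoT device enrolled into a botnet,
# floods an outside victim; never-seen host 10.0.0.42 appears; our web server is hit by 20 new sources.
OBSERVED_LOG = """\
10,10.0.0.5,203.0.113.10,118
10,10.0.0.7,203.0.113.10,84
10,10.0.0.9,198.51.100.77,48000
10,10.0.0.42,203.0.113.10,60
""" + "\n".join(f"10,192.0.2.{i},203.0.113.10,{9000 + i}" for i in range(1, 21))

def parse_flows(text):
    """Parse 'minute,src,dst,packets' lines into (int, str, str, int) tuples."""
    flows = []
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            minute, src, dst, pkts = line.strip().split(",")
            flows.append((int(minute), src, dst, int(pkts)))
    return flows

def per_source_rates(flows):
    """Packets per minute for each internal source: {src: [count per minute]}."""
    per_min = defaultdict(lambda: defaultdict(int))
    for minute, src, _dst, pkts in flows:
        if ip_address(src) in INTERNAL:
            per_min[src][minute] += pkts
    return {src: list(m.values()) for src, m in per_min.items()}

def build_baseline(flows):
    """Per-source (mean, population stdev) of packets per minute."""
    return {src: (mean(c), pstdev(c)) for src, c in per_source_rates(flows).items()}

def outbound_anomalies(flows, baseline, k=3.0, min_std=10.0):
    """Internal hosts sending far above their own baseline, or with no baseline at all
    (a device never seen before).  min_std stops a very quiet host alerting on jitter."""
    alerts = []
    for src, counts in per_source_rates(flows).items():
        peak = max(counts)
        if src not in baseline:
            alerts.append((src, peak, "no baseline: unknown device"))
            continue
        mu, sigma = baseline[src]
        threshold = mu + k * max(sigma, min_std)
        if peak > threshold:
            alerts.append((src, peak, f"peak {peak} > {threshold:.0f} (baseline {mu:.0f}+/-{sigma:.1f})"))
    return alerts

def per_dest_minutes(flows):
    """For each server we own: {dst: {minute: (packets, distinct_sources)}}."""
    pkts = defaultdict(lambda: defaultdict(int))
    srcs = defaultdict(lambda: defaultdict(set))
    for minute, src, dst, n in flows:
        if ip_address(dst) in OUR_SERVERS:
            pkts[dst][minute] += n
            srcs[dst][minute].add(src)
    return {d: {m: (pkts[d][m], len(srcs[d][m])) for m in pkts[d]} for d in pkts}

def inbound_anomalies(observed, baseline_flows, ratio=5.0):
    """Minutes in which one of our servers receives `ratio` times its baseline peak
    in packets or in distinct sources (the many-sources signature of a DDoS)."""
    base = per_dest_minutes(baseline_flows)
    alerts = []
    for dst, minutes in per_dest_minutes(observed).items():
        if dst not in base:
            continue  # no history for this server; nothing to compare against
        base_pkts = max(p for p, _ in base[dst].values())
        base_srcs = max(s for _, s in base[dst].values())
        for minute, (pkts, srcs) in sorted(minutes.items()):
            reasons = []
            if pkts > ratio * base_pkts:
                reasons.append(f"{pkts} pkts/min vs baseline peak {base_pkts}")
            if srcs > ratio * base_srcs:
                reasons.append(f"{srcs} sources vs baseline peak {base_srcs}")
            if reasons:
                alerts.append((dst, minute, "; ".join(reasons)))
    return alerts

if __name__ == "__main__":
    base_flows, obs_flows = parse_flows(BASELINE_LOG), parse_flows(OBSERVED_LOG)
    baseline = build_baseline(base_flows)
    for alert in outbound_anomalies(obs_flows, baseline) + inbound_anomalies(obs_flows, base_flows):
        print("ALERT", *alert)
```

Run it and three alerts come out: the flooding IoT host, the unknown host, and the server under attack. The unknown internal host is flagged even though it has no baseline to deviate from, which ties this back to the “know what’s connected” step: you cannot judge a device’s behaviour until you know it exists. In production you would feed the same logic from NetFlow, sFlow or firewall logs rather than a string, and widen the baseline to cover daily and weekly cycles so that a Monday-morning login surge does not look like an attack.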

About the Author

Nilly Assia. With more than 15 years of industry experience, Nilly leads the development, execution and organization of the company’s global marketing strategy. Prior to joining Portnox, she served as a Marketing Director at Gemalto, formerly SafeNet, one of the largest information security companies in the world. During her time at Gemalto, she served in a variety of marketing disciplines, including product, field, operations and corporate marketing leadership roles. Before Gemalto, Nilly led the product marketing team for the USB business at SanDisk. Nilly holds an MBA from London Metropolitan University. Learn more about Nilly at https://www.linkedin.com/in/nillyassia/ and visit her online at http://www.portnox.com.