As you might remember, we published a write-up on how to prevent and ward off distributed denial-of-service (DDoS) attacks a year ago, but we decided to share the useful tips from CDNetworks again, since the gap between corporate reality and self-assessment in IT security seems to have remained the same since then.
The content delivery network and cloud security specialist summarized the following steps to help companies address DDoS attacks:
- Identify vulnerabilities and the severity of security issues
As a first step, it is necessary to check the company's security status. This requires a comprehensive review of the strengths and weaknesses of the network to determine where system and network defenses exist and how easily they could be exploited. The latter can be determined by means of vulnerability tests and DDoS tests. Then it should be checked whether existing DDoS mitigation solutions are sufficient.
- Find a suitable solution strategy
In the early 2000s, when DDoS attacks were still rare and uncomplicated, do-it-yourself solutions provided adequate protection. Today, however, DDoS attack methods and their scale are evolving so fast that individual IT teams and self-developed defense systems can barely keep up. Adding hardware to servers and routers is not only costly, it also requires constant updates and reconfiguration to keep pace with increasingly sophisticated DDoS attacks. Not to mention that such systems remain vulnerable to targeted network congestion. Almost all vulnerability tests show that one of the biggest weaknesses lies in the capacity limits of your own network. If this limit is exceeded - whether due to harmless causes or to malicious DDoS attacks - the result is a network outage. A practicable solution is cloud-based DDoS defense. Cloud security vendors can leverage network capacity that far exceeds that of a single data center, providing reliable protection even against very large attacks, and their expert teams are constantly working to keep up with the development of DDoS strategies. At the same time, they can scrub traffic to ensure that only "legitimate" traffic gets through. Resources such as the Open Web Application Security Project (OWASP) can also help with DDoS defense planning.
- Be prepared for the worst to ensure business continuity
Companies that have not yet been harmed by a DDoS attack usually underestimate its severity, although the data collected clearly shows the negative effects of a financial, legal, regulatory and / or brand image-related nature. Nevertheless, ensuring business continuity should be an important element of any DDoS planning: both the technical requirements, such as the duplication of information and the assurance that Recovery Time Objectives and Recovery Point Objectives (RTOs and RPOs) are met, and the manifold process-related requirements.
- Corporate policy for ransom demands and the consequences of cyber-attacks
Some cybercriminals demand a ransom to end a DDoS attack and free up resources. In such a case, experts recommend not paying, because first, there is no guarantee that the attackers will keep their word after the ransom is paid, and second, once a payment has been made, the risk increases that the same attacker will threaten again, comparable to organized crime and "protection money". Company guidelines should instead provide for informing the legal department about the attack and the ransom claim. In some cases, ransom demands are sent even before an attack starts, so it is unclear whether it will happen at all or be successful. In the event of a serious attack, such as the July 2017 WannaCry ransomware, organizations should report the attack as soon as possible to warn other companies.
The fight between corporations and cybercriminals almost seems to have become an arms race, and unfortunately some of those fights are and will be won by cybercriminals. In response, some organizations have even started to take out insurance against data misuse and other effects of cyber-attacks.
By Thay Xian Rong