Now that the banking industry has gone through four rounds of very public DDoS attacks, experts are looking at what happened to extract some “lessons learned” to turn this negative into a positive. Even if your business isn’t a financial institution, there’s good advice here that’s certainly worth heeding.
Lesson One: No matter what industry or business you’re in, you need to have a plan in place to defend your business. DDoS attacks are not just hitting the banking industry. If your business has competitors that would benefit from your website being down, then you are vulnerable. Since it’s possible to buy DDoS as a service, anyone can launch an attack against you for as little as $10.
Lesson Two: Don’t wait for an attack to put a solution in place to defend your company. Once an attack starts – and it could happen at any time – your organization’s website could be completely out of commission for an extended period. Why risk downtime when it’s easy enough to put a solution in place today? The solution could be on premises, in the cloud, or a hybrid combination.
Lesson Three: Get a dedicated DDoS solution. Don’t count on traditional security devices like firewalls and IDS/IPS to protect your business because they just aren’t designed to handle modern DDoS attacks. When you choose a solution, consider that attack volumes have been growing and the attacks have become more sophisticated. Get a solution that meets today’s needs.
Lesson Four: Create a detailed incident response plan. Know what to do if/when an attack occurs and assign tasks to specific people to avoid delays in responding.
Lesson Five: If your organization is hit by an attack, closely monitor for indicators of compromise (IOCs). Many experts believe that DDoS attacks are smoke screens for fraud and other types of attacks that are designed to steal money or intellectual property.
Lesson Six: Be willing to share information. DDoS attacks have been widespread, and businesses, solution vendors and law enforcement agencies are stronger together than individually. If we look at what happened with the banking industry attacks, defending against them got easier once all types of organizations collaborated to share intelligence, profiles of the attacks and mitigation strategies.
Lesson Seven: This is more of a prediction than a lesson learned. Experts predict that critical infrastructure such as utilities, transportation systems, pipelines and the electrical grid will be targeted by DDoS attacks at some point. Attackers have the ability to target industrial controls as well as business websites. Administrators who control critical infrastructure need to re-read lessons one through six and take them to heart.