Who’s next? That’s a question probably lingering on the minds of many American banking executives these days.
After all, eight U.S. banks were hammered by distributed denial of service (DDoS) cyber attacks in recent weeks and more could be in the works. A DDoS attack typically floods a website or network with so much traffic that it shuts down. The attack can last anywhere from hours to days, depending on how long it takes the victim to divert the traffic and how long the perpetrator can keep blasting the traffic at the victim’s site and network.
The hacktivist group known as Izz ad-Din al-Qassam Cyber Fighters took credit for the cyber attacks on the banks. In posts on the website www.pastebin.com, the group said the DDoS attacks were in retaliation to a YouTube video insulting the Prophet Muhammad and many Muslims.
Could this wave of cyber attacks be the beginning of a new movement? Will hacktivist groups join cyber criminals, ruthless competitors and even angry customers in launching DDoS attacks to shut down company websites? It’s possible. Especially since the tools to launch DDoS attacks are cheap and readily accessible. Currently, there are more than 50 DDoS tools1 on the market.
And if DDoS attacks do become more prevalent, how much damage can they cause?
Well, according to one study2 more than 65% of the respondents said when their websites go down it costs them about $10,000 per hour or $240,000 per day. Most of these companies were in the finance, telecom, travel and IT industries. These costs are due to lost business and lost resources when staff members have to work on matters related to the attack, instead of on their regular jobs. Retailers who sell most of their merchandise online said when their websites go down, it costs them about $100,000 per hour.
If this is indeed the case, what can organizations do to protect themselves? Here are five tips offered by computer security experts:
- Maintain a high level of awareness to spot suspicious site traffic and other anomalies.
- Install the most advanced intrusion detection signatures (IDS) and intrusion prevention signatures (IDS) as defense mechanisms against cyber attacks.
- Make sure you have automatic updates scheduled for your anti-virus and other software programs.
- Review incident recovery plans and employee training strategies to ensure that your staff knows what to do if you do experience a DDoS attack or other form of cyber attack.
- Work closely with Internet Service Providers, law enforcement and vendors when faced with cyber threats and other suspicious cyber activity.
Have you experienced a DDoS cyber attack? If so, how did you respond? We would like to hear about it. Contact us.