Business spending on cyber security has evolved from being part of an IT budget to becoming its own budget – that’s at least true for large enterprises. Small and medium businesses (SMBs) continue to subscribe to the adage of implementing good-enough security, or enough to prevent negligence. Not being on the Fortune 500 list doesn’t preclude a distributed denial-of-service (DDoS) attack from happening against an organization. In fact, in 2017, 53% of businesses that experienced a DDoS attack fell into the small and medium business categories.
DDoS attacks were once a rare occurrence but are now a perennial event, increasing in frequency and size. A common attack involves the attacker, a command & control, a botnet (i.e. exploited computers), and the victim. Looking into the anatomy of an attack reveals that the attacker is taking advantage of how Internet communication works to direct a large amount of traffic towards a victim, rendering their network and/or internet-facing systems and applications unavailable.
So why should you care if your Internet is not available? It depends on how your organization uses this IT resource to gauge whether it’s important, and if there’s a business return on money spent to prevent such attacks. Let’s examine the number of applications an organization potentially uses that require the internet to function:
Similar to any business decision, deciding whether to implement cyber security boils down to the return on investment – more specifically the total cost of an outage due to an attack should be significantly more than the cost to prevent it. For example, if DDoS attacks negatively impacted an organization $100,000 annually and the cost to mitigate them was $15,000, the ROI for this preventative control would be
Aside from impacting availability, DDoS attacks have been used as a diversionary tactic for data exfiltration and are part of a growing trend in extortion.
You’re concerned. What should you do? Unfortunately, there aren’t effective DIY solutions to implement because attacks will continue to get larger, making it a cost-prohibitive arms race for any organization. This leaves partnering with a service provider that can help mitigate the attack upstream, away from your network. When evaluating potential solutions, take into consideration how fast a threat can be detected and the available response options. How does a mitigation work, and does it require your involvement? Is monitoring included, or is it an option you can add? Can the provider protect internet circuits that belong to another ISP? Last, how is the service priced: is it a fixed monthly fee, or is pricing dynamic and driven by factors such as attack frequency and size?
In conclusion, take the time now, when things are calm, to consider how much internet downtime your organization can withstand: 10 minutes, 30 minutes, 1 hour, 24 hours, etc. Early planning can also save a substantial amount of money, as emergency mitigation services are more expensive and can require time to set up.
Trusted security solutions require trusted partnerships
Windstream Enterprise’s DDoS mitigation solution includes 15-minute SLAs for both notification and mitigation, ensuring Internet circuits and web-facing applications stay up and available during attempted DDoS attacks. Optional proactive mitigation and auto-mitigation can reduce the response to mitigate to near real time. With the help of an experienced, trusted network security partner (Windstream Enterprise, etc.), your organization can put a flexible, adaptable DDoS mitigation plan in place – as part of a broad integrated suite of IT security solutions – so you and your team can spend more of your own time focused on strategic initiatives that help you innovate and advance your business.
Trent Pham is Head of Security Products for Windstream and is responsible for the organization's enterprise security service strategy, development, and life cycle management. He joined Windstream in 2016 and has 20 years of security product management experience with communication service providers, security service providers, and startups. Trent also taught information technology at the University of Denver's Information and Communications Technology Graduate Program. Trent received an MBA from the University of Denver's Daniels College of Business, a BS in Mechanical Engineering from the University of Colorado in Boulder, and holds a CISSP certification.