How CIOs can respond to distributed-denial-of-service attacks

Distributed denial-of-service (DDoS) attacks have always been a problem, especially for CIOs and business leaders when it comes to responding to such attacks.

All organisations can be vulnerable to a DDoS attack, but knowing how to respond in the occurrence will help to minimise the damage.

In 2017, 57% of enterprises and 45% of data centre operators saw their internet bandwidth saturated by DDoS attacks, according to Arbor Networks' 2018 Worldwide Infrastructure Security Report, which also counted a total of 7.5 million DDoS attacks in 2017.

DDoS attacks vary in form, but all share the common objective of taking an online service down by targeting it from multiple hosts. Despite their potential for harm, there are still ways to mitigate the damage.


Additional reporting by Hannah Williams

Request data from your anti-DDoS provider

It is important that you request all the data from your anti-DDoS provider. This could include botnet source addresses or other data that may identify the attacker.

Once collected, this data can be used to reduce the risk of a repeat attack, for example by blocking source IP addresses. Blocking a single address may cut off several attackers, as there could be hundreds of people behind one IP address.

Implement online outage mitigation and response strategies

Every organisation should implement DDoS mitigation and response strategies as part of a disaster recovery plan in the business. This should include detailed communication and action plans for business members to access.

It is important that organisations first put network-level protection in place, connected to multiple WAN entry points, so that future attacks can be mitigated and re-routed before they reach the service.

The business will also benefit from making sure that the operations teams have the correct action plan in place to quickly and easily re-route traffic.

Provide training

Effective training will ensure that team members are able to recognise attacks, and therefore also know what to do in response to an attack.

There are many ways attackers will try to get into an organisation, so it is important that employees are aware of the threat landscape and can stay vigilant.

Use the right technology

Although people and processes are arguably the most fundamental aspects to get right, using the right technology is also important.

For instance, switching to cloud-based hosting gives organisations access to far more bandwidth, which is much more likely to withstand a DDoS attack than internal servers.

Content delivery businesses such as CloudFlare also provide DDoS mitigation services, taking some of the pressure off the internal team.

Assess your systems and the threat

Every organisation should conduct a risk assessment to understand the risks to its systems and which most need protection to keep the organisation operating.

Assessments should be ongoing to continually discover and resolve vulnerabilities. The earlier the attack is identified the faster you can minimise the impact on services and users of your online systems.

Monitor the global internet to identify surges in traffic from particular locations, and set thresholds for abnormal traffic above which an alert should be raised.
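The threshold check described above, as an added example that is not part of the original article: requests from constructed access-log lines are counted per minute both per source IP and per location, so a surge spread across many low-volume addresses still trips the location threshold even when no single IP does. The IP-to-location map and the threshold values are assumptions.

```python
# Added example: per-minute traffic thresholds over constructed access-log lines.
from collections import Counter
from datetime import datetime

# Constructed sample log: "<ISO timestamp> <client IP> <request>". The last
# block simulates 60 requests in one minute spread over five addresses.
SAMPLE_LOG = (
    "2018-03-01T10:00:01 203.0.113.5 GET /\n"
    "2018-03-01T10:00:02 198.51.100.7 GET /about\n"
    "2018-03-01T10:00:05 203.0.113.5 GET /products\n"
    + "".join(
        f"2018-03-01T10:00:{10 + i % 49:02d} 192.0.2.{10 + i % 5} GET /login\n"
        for i in range(60)
    )
)

# Hypothetical IP-to-location lookup (assumption; a real deployment would use a GeoIP database).
LOCATION_OF = {"203.0.113.5": "GB", "198.51.100.7": "GB"}
LOCATION_OF.update({f"192.0.2.{n}": "XX" for n in range(10, 15)})

# Per-minute thresholds (constructed; in practice derive them from observed normal peaks).
PER_IP_LIMIT = 20
PER_LOCATION_LIMIT = 50


def parse(line):
    """Return (minute_bucket, client_ip) for one log line."""
    ts, ip, _request = line.split(" ", 2)
    minute = datetime.fromisoformat(ts).replace(second=0)
    return minute, ip


def count_requests(log_text):
    """Count requests per (minute, ip) and per (minute, location)."""
    per_ip, per_loc = Counter(), Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        minute, ip = parse(line)
        per_ip[(minute, ip)] += 1
        per_loc[(minute, LOCATION_OF.get(ip, "unknown"))] += 1
    return per_ip, per_loc


def detect_surges(log_text):
    """Return alerts as (kind, key, count) for every bucket above its threshold."""
    per_ip, per_loc = count_requests(log_text)
    alerts = [("ip", ip, n) for (_, ip), n in per_ip.items() if n > PER_IP_LIMIT]
    alerts += [("location", loc, n) for (_, loc), n in per_loc.items() if n > PER_LOCATION_LIMIT]
    return alerts


if __name__ == "__main__":
    for alert in detect_surges(SAMPLE_LOG):
        print(alert)
```

On the sample data only the location bucket fires, which is the distributed case the per-IP check alone would miss.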

Identify vulnerabilities before attackers discover them, through controlled testing of your response mechanisms and security controls, to spot any areas that need strengthening. Test which sources should be blacklisted by temporarily blocking their traffic: if a source switches IP address in response, there is a good chance it is illicit.

Strengthen your infrastructure

Preparation will ensure that your response is effective. Strengthen the network architecture through decentralisation, keeping servers in different data centres and data centres on different networks.

Document the details of your IT infrastructure and consider investing in services specifically designed to minimise the risk and damage of DDoS attacks.

Leasing bandwidth can also minimise the harm by reducing the traffic available to an attacker.

Research companies that supply detection and mitigation services, such as next-generation firewalls and DDoS protection services, that could support your internal team in preventing and responding to attacks.

Prepare a response

Invest in over-provisioning so that, if an attack drives load far above your usual activity peaks, you have enough additional capacity to mitigate the effects.

Investigate having anti-DDoS equipment or an anti-DDoS provider that would provide a backup in case of emergency. Ensure that they share their data to help you decide which IP addresses to block. A temporary move to a public cloud could also be worth exploring.

Your response plan should include a complete contact list and all the relevant procedures to follow in a predefined outline of steps you will take once an attack is identified.

An automated status page displaying the status of the server and communication templates can be created to alert customers of issues without causing excessive concern.

Analyse the attack and mitigate it

Identify the course of the attack and the components affected by it and review them to understand the nature of the threat so you can respond to its specific characteristics.

Make all changes in sequence so that you can understand the effect of each one. Switch to alternative networks or sites, limit the damage by blocking the DDoS traffic with tools such as firewalls, and terminate unwanted connections and features.

Firewalls and servers often can't keep pace with logging each individual request during an attack. If they fail that could cause even greater damage to your systems. Remove the log files as soon as you're certain that they won't provide any more useful information.

DDoS attacks can last a number of days, so ensure your team has enough energy to handle it. Even though the problem may seem overwhelming, keep the number of people involved in the response limited so that it can be managed efficiently.

Review and learn

Identify the cause and ways it could have been prevented. Write an incident report to explain how it happened, how you responded and how you plan to prevent it from reoccurring.

Think about how you could have reacted more efficiently in terms of the procedures followed and the people who followed them.

Share the information with the community for mutual benefit. It will help others prepare for the future and help you learn from their experiences.

Copyright © 2018 IDG Communications, Inc.
