Distributed Denial of Service (DDoS) attacks are designed to knock down assets, such as websites or customer portals. But smart hackers use these attacks as a distraction. While your staff are tied up struggling with one thing, the hackers are busy probing and infiltrating other areas of your business’ IT systems.
In 2016 Anti-Virus vendor Kaspersky Labs conducted a study of more than four thousand countries across 25 countries. They found that one in four businesses who experienced a DDoS attack, also said it played a role in their data loss.
How A Diversionary DDoS Attack Works
When a DDoS attack is used as a diversion, hackers send an immense amount of useless network traffic toward a company’s web server. By flooding that server they can bring that machine to a halt, effectively taking it offline. Being offline often means lost business, and diligent IT staff members will turn their full attention to fixing this problem. Whilst staff are distracted, the hackers try to access IT systems through other means. It could be a mobile device exploit, phishing scam, or even an insider threat. Once they’re in, they can install their own types of malware that keep a back-door open for them again. Or they might set about stealing valuable data, or perform other malicious acts like vandalising your network shares or infecting your system with viruses.
How to Protect Your Business
Protecting your business is difficult, because you cannot prevent or stop a DDoS attack. You can only mitigate its effects. Ideally, a business needs a way to detect and filter out the useless traffic being generated by hackers, as soon as possible. Ways to accomplish this can include:
- In-house equipment to monitor and filter traffic on your company’s network
- Traffic filtration services provided by your Internet service provider (ISP), assuming it offers those services
- DDoS protection services offered by third-parties
Response times are also a factor. Where possible create policies and/or procedures that outline how to deal with such events. Simulations or practice exercises will better help you prepare.
Protecting your business against other threats that might take place during a DDoS attack is much more involved. It’s imperative that all your IT devices (including mobile phones) are secure. And never underestimate the value of employee education. Aside from DDoS attacks, your staff should know about phishing scams, mobile device exploits, and other common ways cybercriminals attack businesses. They’ll be better able to spot something associated to these types of alternative threats.
Your Next Step
Securing your business against DDoS attacks and other threats is not easy. But we can help you to create a solid IT defence strategy. By analysing your IT environment and discussing options suited to your IT resources and budget, we can then work with you to implement the strategy you choose.