How to protect against DDoS attacks in a distributed workforce model
Published 3 years ago
By GFiuui45fg
As we begin to come out of the coronavirus pandemic in the U.S., business is changing in many respects. One area of profound change is the pandemic's impact on the conventional work model. Over the past year, work has moved into the digital space at an accelerated rate as organizations adapted their operations to enable a distributed workforce and maintain productivity. This shift placed increased reliance on connectivity and on the performance and security of enterprise networks, not just to drive business performance but to protect against malicious actors seeking to profit from business disruption.
Distributed Denial of Service (DDoS) attacks are among the most common and most serious threats to any business operating with a distributed workforce model, and they are growing larger and more frequent. According to a recent study from Corero, a DDoS mitigation technology platform provider, larger attacks ranging from 10 Gbps to hundreds of Gbps increased by 50% in 2020. DDoS is also being actively weaponized in the growing wave of cyber extortion, in which attackers demand payment to stop or not launch an attack, and that wave runs alongside the surge in ransomware exemplified by the recent Colonial Pipeline attack. According to the U.S. Department of Homeland Security, ransomware attacks increased by more than 300% over the previous year.
The ongoing business impact of a DDoS attack, however, can cost as much as or more than any direct ransom demand. In a digitally focused world, any downtime or added latency can damage brand reputation, customer trust and, ultimately, revenue. Businesses need to understand that a DDoS attack is not just a blip on the radar; handled poorly, it can be devastating to the long-term prospects of a business.
Progression of DDoS Attacks
DDoS attacks have grown and evolved right alongside the internet itself for more than 20 years. While they may have once been executed by the stereotypical lone hacker operating out of some dark room, they are now advanced campaigns deployed by sophisticated cybercriminals who are armed with funding, resources, and advanced technical skills.
This means that the days of a single, direct method of attack are gone. Today's attacks are multi-vector: several attack types performed in quick succession, and often simultaneously, against multiple layers of the Open Systems Interconnection (OSI) model (for example, a volumetric UDP flood at layers 3 and 4 alongside an HTTP request flood at layer 7) in planned attempts to evade security and protection measures. In many cases these attacks are so well designed that a business will not realize it is under attack until a web application slows to a halt or crashes altogether.
As the attackers have become more skilled, DDoS campaigns have risen in volume and frequency. In some instances, even the largest internet organizations in the world are being targeted, including AWS, which reported that it had mitigated a massive 2.3 Tbps attack in February 2020.
However, it would be misguided for smaller enterprises to believe that cybercriminals target only the biggest players. In fact, the increasing volume of attacks is focused largely on the extortion of smaller targets. Consequently, while the largest attacks get the headlines, the threat posed by frequent, smaller-volume attacks should not be underestimated.
The Quiet Majority of DDoS Attacks
Despite the increase in large DDoS attacks uncovered by Corero and cited above, the same report found that 95% of all attacks are actually 5 Gbps or less. To the layman, this may seem like the equivalent of a run-of-the-mill, workaday internet service issue. But in reality, this level of attack is entirely capable of making server and network resources inaccessible, resulting in totally blocked internet access.
The changing business landscape compounds the problem. An increasingly remote workforce relies on cloud-based applications and tools, and businesses are forced to expose to the internet enterprise services that would otherwise sit inside their LAN. The remote-access VPN platforms now used to deliver these services are a natural DDoS target: a VPN concentrator is a single internet-facing ingress point with a publicly discoverable address, and if it is overwhelmed the result is near-total productivity loss for the duration of the attack.
Compounding these negative effects is the high likelihood that attacks will return. While 84% of DDoS attacks last less than 10 minutes, according to the same Corero study, this brevity is often by design: multi-vector attacks are launched in quick succession so that each burst is over before on-demand protection measures engage. Ultimately, there is a one-in-four probability of a repeat attack within the first 24 hours.
Given this risk of continual attacks, businesses must have a pre-defined plan ready to execute as soon as a DDoS attack begins. Best practice includes activating a response team, launching notification and escalation procedures, and informing key stakeholders. Businesses must likewise have protection measures already in place and working in parallel, since attackers take a multi-vector approach to overwhelming the network.
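The figures above (attacks of 5 Gbps or less, bursts under ten minutes, a one-in-four chance of a repeat within 24 hours) translate into a concrete detection task. The following is an added example, not code from the article or from Corero, showing the kind of episode-detection logic an always-on mitigation service runs over per-second flow records: it flags seconds whose aggregate traffic exceeds a fraction of the protected link's capacity, groups consecutive flagged seconds into episodes, records which protocol/port vectors dominated each episode, and checks whether a second episode followed within 24 hours. The 1 Gbps uplink, the 80% alert threshold, the 10% vector share and the flow records themselves are all assumptions constructed for illustration; a real deployment would read NetFlow/IPFIX or sFlow exports instead.

```python
"""Volumetric DDoS episode detection over per-second flow records.

Added illustration; the link size, thresholds and sample records are
assumptions, not values from the article or any vendor's product.
"""
from collections import defaultdict
from dataclasses import dataclass

LINK_CAPACITY_BPS = 1_000_000_000  # assumed 1 Gbps enterprise uplink
ALERT_FRACTION = 0.8               # flag a second at >= 80% of link capacity
VECTOR_SHARE = 0.10                # a vector "dominates" at >= 10% of that second's bytes


@dataclass(frozen=True)
class Flow:
    """One aggregated flow record covering a single second (NetFlow-like)."""
    ts: int        # epoch second the record covers
    proto: str     # "udp", "tcp" or "icmp"
    dst_port: int  # destination port on the protected host (0 for icmp)
    nbytes: int    # bytes towards the protected prefix in that second


def bits_per_second(flows):
    """Total inbound bits per second, keyed by second."""
    per_sec = defaultdict(int)
    for f in flows:
        per_sec[f.ts] += f.nbytes * 8
    return dict(per_sec)


def vectors_for_second(flows, ts, share=VECTOR_SHARE):
    """Return the proto/port vectors carrying at least `share` of that second's bytes."""
    by_vector = defaultdict(int)
    total = 0
    for f in flows:
        if f.ts == ts:
            by_vector[f"{f.proto}/{f.dst_port}"] += f.nbytes
            total += f.nbytes
    return {v for v, b in by_vector.items() if total and b / total >= share}


def find_episodes(flows, capacity_bps=LINK_CAPACITY_BPS, fraction=ALERT_FRACTION):
    """Group consecutive over-threshold seconds into attack episodes.

    Each episode is a dict with start/end (inclusive seconds), peak_bps and
    the set of vectors that dominated any second of the episode.
    """
    per_sec = bits_per_second(flows)
    hot = sorted(ts for ts, bps in per_sec.items() if bps >= capacity_bps * fraction)
    episodes = []
    for ts in hot:
        if episodes and ts == episodes[-1]["end"] + 1:
            ep = episodes[-1]                      # extend the current episode
            ep["end"] = ts
            ep["peak_bps"] = max(ep["peak_bps"], per_sec[ts])
            ep["vectors"] |= vectors_for_second(flows, ts)
        else:                                      # gap in time: a new episode
            episodes.append({"start": ts, "end": ts, "peak_bps": per_sec[ts],
                             "vectors": vectors_for_second(flows, ts)})
    return episodes


def repeats_within(episodes, window_s=24 * 3600):
    """True if any two episodes begin within `window_s` seconds of each other."""
    starts = sorted(e["start"] for e in episodes)
    return any(b - a <= window_s for a, b in zip(starts, starts[1:]))


def constructed_flows():
    """Constructed sample traffic (not captured data).

    Baseline: 200 Mbps of HTTPS. Episode 1 (t=10..14): DNS and NTP
    amplification floods totalling 3 Gbps, i.e. well under the article's
    5 Gbps figure yet 3x the assumed uplink. Episode 2 (t=20005..20007):
    an extra 800 Mbps towards tcp/443 roughly 5.5 hours later.
    """
    flows = []
    for ts in list(range(0, 30)) + list(range(20_000, 20_030)):
        flows.append(Flow(ts, "tcp", 443, 25_000_000))          # 200 Mbps baseline
    for ts in range(10, 15):
        flows.append(Flow(ts, "udp", 53, 312_500_000))           # 2.5 Gbps DNS reflection
        flows.append(Flow(ts, "udp", 123, 62_500_000))           # 0.5 Gbps NTP reflection
    for ts in range(20_005, 20_008):
        flows.append(Flow(ts, "tcp", 443, 100_000_000))          # +0.8 Gbps on the VPN/HTTPS port
    return flows


if __name__ == "__main__":
    eps = find_episodes(constructed_flows())
    for ep in eps:
        dur = ep["end"] - ep["start"] + 1
        print(f"episode t={ep['start']}..{ep['end']} ({dur}s) "
              f"peak={ep['peak_bps'] / 1e9:.1f} Gbps vectors={sorted(ep['vectors'])}")
    print("repeat within 24h:", repeats_within(eps))
```

Note that the 3 Gbps episode would never register as "large" by the article's own yardstick, yet against a 1 Gbps uplink it is a complete outage; this is why the threshold is expressed as a fraction of the protected link rather than as an absolute attack size. In production the per-second aggregation would be done by the flow collector and the episode logic would trigger a diversion or scrubbing action rather than a print.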
But alone, these steps are not enough.
Advanced intrusion prevention and threat response systems – which combine firewalls, VPN, anti-spam, content filtering and network security with DDoS mitigation – offer some degree of protection, but an on-premises appliance cannot help once the access link in front of it is saturated. Ultimately, businesses need a partner at the network service provider level. By mitigating upstream, with a provider that can divert day-to-day attacks away from the enterprise's network infrastructure before they reach it, businesses are best able to avoid downtime and disruption to their online operations.
The ISP Protector
Manual mitigation and protection efforts at the enterprise level simply cannot keep pace with today's threat environment. As attacks continue to evolve from large-scale and infrequent to daily and sophisticated, automated, always-on mitigation is the core of DDoS defense, and that starts at the ISP (internet service provider) level.
Beyond delivering connectivity, ISPs support businesses through their security capabilities, chief among them today their ability to handle ever-evolving DDoS threats. DDoS mitigation integrated into the ISP's core network means attacks are handled upstream, before they can affect a business's internet connectivity. The ISP should be able to counter DDoS activity at key peering points by intercepting and scrubbing out the 'bad' traffic at the edge of its network while allowing the 'good' traffic to pass with minimal added latency.
This automated, real-time mitigation in the provider's core is not only more effective than an enterprise relying on its own security features alone; it is also a more cost-effective way for the business to protect its network infrastructure while maintaining network performance.
The transition to a hybrid workforce creates new network requirements and, potentially, new opportunities for DDoS attackers. As businesses move into this territory, preparation at the enterprise level for a changing threat landscape is key, but so is ISP selection. With a partner dedicated to integrated, always-on, automated DDoS protection, the enterprise can be confident that its increasingly internet-based business will run without disruption, with its focus on executing its strategy and achieving its objectives rather than on defending its network.