Monthly Archives: May 2015

Don’t fall for these common DDoS myths

In addition to dealing with Mother Nature-related incidents, organizations must contend with malicious and relentless cybercriminals who issue Distributed Denial-of-Service attacks that can cause prolonged periods of downtime. Companies unable to respond to DDoS threats in a timely fashion will lose revenue and customers if operations are offline long enough.

Beta News' Darren Anstee recently detailed some of the common myths surrounding DDoS protection. Some businesses feel they will not be targets of such threats – a dangerous sentiment that must not be followed. Given that there are do-it-yourself DDoS kits available, anyone can become an attacker and any firm can become the victim.

Organizations can also run into problems if they believe DDoS protection only requires a single layer of protection, Anstee wrote. Defense against these threats must be multi-faceted and involve more modern tools.

Some businesses are still in the camp that thinks intrusion prevention systems, firewalls and content delivery networks are enough to combat DDoS incidents. However, Anstee indicated this is not the case, concluding that companies must take a different approach to keep these threats at bay.

"Organizations must rethink their DDoS protection."

TechTarget reported similar suggestions, noting routers, load balancers and networks can fail against DDoS incidents. For small companies with limited resources, there may not be many options available internally to implement more effective solutions.

Many businesses are in the same boat
Despite the widespread nature of DDoS, businesses are still not taking these threats seriously. In 2014, a SANS survey found that nearly two-thirds of organizations did not allocate any of their budgets to DDoS protection or for assistance from IT partners, TechTarget reported.

This discovery is most concerning given the length and financial losses of DDoS incidents in general. SANS found the average DDoS event lasted 8.7 hours in 2014, while some businesses experienced nearly double this time frame, as reported by TechTarget.

The news source also cited two industry reports detailing the average costs of a single DDoS attack. Market research firm Gartner indicated firms will lose $336,000 per hour. The Ponemon Institute said data center outages result in $474,000 in losses per hour.

Where should organizations turn?
With revenue, customer base and brand reputation all at stake, companies that want to improve their DDoS protection should consider looking outside of their businesses for assistance. Disaster specialists are helpful partners that work with clients to shore up any IT vulnerabilities that could result in prolonged operational downtime.

Whether firms seek assistance to enhance their business continuity and disaster recovery protocols or to protect themselves against DDoS threat, third-party specialists have them covered.

It’s not a matter of if disasters will strike, but when

Companies cannot use any excuses when it comes to their business continuity and disaster recovery protocols. Disruptions can and will strike at any moment. Depending on the severity of the incident, operations may be down for more than just an hour or two.

Heinan Landa, a contributor to The Business Journals, recently wrote that plenty of companies tell him about their disaster preparedness shortcomings. Some organizations lack the time to devise comprehensive recovery strategies while others are so overwhelmed that they cannot test for every possible disruption scenario. Others admit they simply have an inadequate plan altogether.

Landa asserted disasters will happen at some point, regardless of circumstances. He also cited a Federal Emergency Management Agency report detailing the hard truth of inadequate planning. The organization indicated 75 percent of organizations without business continuity protocols will close within three years of experience disasters.

Simple ways to devise the right plans
Although some businesses clearly lack the internal resources to create extensive recovery plans, there are some ways to create modest safeguards to start this necessary process. Landa explained organizations must first understand the five levels of disasters, starting from small to wide-scale incidents.

"Organizations cannot avoid disasters altogether."

Firms should determine whether they can restore certain files and emails if they are lost during disasters. Next, businesses should consider whether server failures will be an issue if they cannot virtualize assets stored on these systems or access back ups, Landa suggested.

Some disasters may make companies' buildings inaccessible. During such events, can firms access their office network remotely? If the workplace is completely destroyed, is the infrastructure gone too? Landa also encouraged companies to consider if their businesses can survive if incidents impact the entire city where their brands are located.

Disaster specialists help companies improve their BC/DR protocols. Disaster specialists help companies improve their BC/DR protocols.

With so much to consider, don't hesitate to bring in professionals
The plan laid out by Landa is just the tip of the iceberg when it comes to establishing organization-wide protection. Firms that want to focus on their core business goals, rather than trying to juggle all of the tasks necessary for continuity, should consider contacting disaster specialists for assistance.

Much like how organizations outsource certain IT systems to trusted third-party partners, companies that bring in recovery specialists will leave the development of continuity protocols up to the experts. These vendors will analyze the client's infrastructure to identify any vulnerabilities and then make recommendations based on this information.

Some customers may do well by hosting IT assets in cloud computing environments where assets are available through the Internet. Companies with workers dispersed throughout different locations can thrive in this scenario, since employees do not have to be physically at the office to remain productive If offices are inaccessible, personnel can simply use their PCs or mobile devices to access documents and data essential for performing their jobs.

Unless businesses suddenly have the time and energy to go over their recovery protocols in detail, companies should not let their internal shortcomings stop their brands from receiving the necessary protection against disasters. Recovery specialists are a smart investment for any firm that wants to avoid prolonged downtime and potentially shutting down altogether.