Any business that is online is susceptible to denial of service attacks and should ensure it has the capability to mitigate such attacks, says an industry practitioner who explains how
Any online business or application is vulnerable to distributed denial of service (DDoS) attacks, according to Harshil Parikh, director of security at software-as-a-service platform firm, Medallia.
However, there are ways of detecting and mitigating DDoS attacks that any business dependent on the internet can and should use, he told the IsacaCSX Europe 2017 conference in London.
It is important that such organisations take time and effort to build their DDoS defence capabilities, he said, because DDoS attacks are fairly easy and cheap for attackers to carry out.
“With the advent of botnet-based DDoS attack services that will be effective against most companies, anyone can target an organisation for just a few bitcoins,” said Parikh.
“Competitors and even disgruntled employees are able to carry our DDoS attacks that can result in loss of reputation as well as lost business worth a lot more than the attacks cost,” he said.
While loss of service capability and loss of income are the greatest risks associated with DDoS, especially for SaaS providers, Parikh said DDoS is also often used as a distraction.
“Attackers commonly use a DDoS attack to distract security professionals from the fact that data exfiltration or other malicious activity is being carried out at the same time,” said Parikh.