Reduce Vulnerabilities & Defend Your Brand Against DDoS Attacks

Uploaded on 2022-12-21 in TECHNOLOGY--Resilience, FREE TO VIEW

Distributed denial-of-service (DDoS) attacks are on the rise and the repercussions can be detrimental to businesses. Gartner has estimated the cost of downtime from DDoS attacks to be $300,000 per hour and a successful application attack costs, on average, $4.42 million per incident.

Yet, beyond the financial impact - a customer’s trust in a brand is truly what’s at stake with these cyber attacks. In fact, 31% of consumers have discontinued their relationship with a company due to a security breach and a significant number of consumers have lost their trust in a brand as a result.  

DDoS attacks only seem to be growing. As recently as September 2022, the Japanese government was targeted by an organised cyber criminal group called Killnet. Killnet planned a sustained DDoS attack that eventually overcame the government’s cyber defenses. Yet, the Japanese government was protected by one of the most recognised names in web security. Then, earlier this month, on U.S. soil, Killnet perpetrated a DDoS attack targeting major airports, including Los Angeles International and Chicago O'Hare, among others.

The modus operandi of the Killnet attacks is to employ a variety of DDoS techniques, including combining application attacks with volumetric network attacks. It deploys these in waves of attack that also target a company’s origin.

As online attacks increase in size, frequency and sophistication, businesses need to seek holistic security solutions to help detect and streamline resolution. 

Attacks On The Rise

DDoS attacks are here to stay. In fact, according to the 2022 Verizon DBIR (Data Breach Investigations Report), the number one security threat is a DDoS attack (46% of attacks) - and it’s growing every year. The number one targets are web applications and servers (56% of attacks), with DBIR highlighting web apps that remain unpatched and legacy apps that are older than four years as being the most affected.

Where Do Vulnerabilities Lie?

Companies remain vulnerable because they don’t protect all of their network against DDoS attacks. As attacks target both the network and application layers, organisations must protect against several attack vectors.

According to the Verizon DBIR, the second leading breach pattern is a basic web application attack, so businesses will also benefit from a Website Application Firewall (WAF)  solution. Once you deploy a WAF, your defenses improve significantly. Research by Edgio has found that that businesses can detect and contain a breach 77 days faster, on average.

As network architectures have evolved, so have DDoS attacks, exposing websites and networks to vulnerabilities, including the critical applications and processes dependent on those networks.

One vital part of an IT network that needs protection - and gets overlooked - is your origin. The origin server is where the original web page is stored. One job of a content delivery network (CDN) is to store, or cache, copies of the web pages on its edge servers that are located a short distance from the web app user. Global edge servers enable businesses to deliver lightning-fast performance to website and app users. The CDN hides the origin IP address, but devious cyber criminals, like Killnet, find and attack this chink in the armour. Deploying robust application security and DDoS scrubbing solutions are recommended to protect and mitigate against direct-to-origin DDoS attacks. DDoS scrubbing identifies bad traffic and redirects it away from critical systems.

This combination of defenses provides businesses with a full spectrum, holistic cyber security strategy and means attacks never reach their infrastructure, applications, and internet-facing websites.

How To Defend Against DDoS Attacks

Even though the threat landscape continues to evolve, there are still several steps you can do to protect your business and brand from DDoS attacks. Organisations should adopt a scalable, holistic security platform and protect their network, applications and origin using an edge-based DDoS protection solution. Direct-to-origin attacks can be defended against using a DDoS scrubbing solution and a security operations centre can improve business security responsiveness. 

It’s impossible to eliminate the risk of attacks, but there are practical steps business leaders can implement to protect and secure their organisation, before it’s too late.

Paul McNamara is Senior Solutions Engineer at Edgio

You Might Also Read: 

You Should Prepare Your Organization For A DDoS Attack:

 

« Cyber Threats & Nuclear Fears
What Security Issues Do 5G Network Providers Need To Address? »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Apcon

Apcon

Apcon's mission is to provide valuable network insights that enable security and network professionals to monitor, secure and protect their data in both physical and virtual environments.

TechDefence Labs

TechDefence Labs

TechDefence Labs provide pentesting and security assessment services for networks, web apps, mobile apps and source code reviews.

Endian

Endian

Endian’s mission is to provide a secure platform that connects distributed people and things, simplifying the digitalization of businesses.

LEADS

LEADS

LEADS is considered as a leading ICT Solution Provider and an IT partner of choice in Bangladesh.

Alyne

Alyne

Alyne is a Munich based 2B RegTech offering organisations risk insight capabilities through a Software as a Service.

DataDome

DataDome

DataDome offers real-time AI protection against all OWASP automated threats, including credential stuffing, layer 7 DDoS attacks, SQL injection & intensive scraping.

ValidSoft

ValidSoft

ValidSoft is a security software company, providing telecommunications-based multi-factor authentication, identity and transaction verification technology.

ePLDT

ePLDT

ePLDT delivers best-in-class digital business solutions that include Cloud, Cyber Security, purpose-built Data Center facilities and Managed IT Services.

NetSPI

NetSPI

NetSPI is an information security penetration testing and vulnerability assessment management advisory firm.

Citadel Cyber Security

Citadel Cyber Security

Citadel is a leading 'One Stop Shop' provider of consulting services in cyber and information security. Our experts operate in hundreds of business organizations in Israel and around the world.

Profian

Profian

Profian’s hardware-based solutions maintain your data's confidentiality and integrity in use, providing true confidential computing to meet regulatory and audit requirements.

Aleo

Aleo

Aleo is building the world's leading developer platform for enabling absolute privacy on blockchains.

Digital Edge

Digital Edge

Digital Edge provides unparalleled Managed Cloud Solutions, as well as superior Information Technology Support Services.

Port443

Port443

Port443 specialises in providing Security Orchestration, Automation and Remediation (SOAR) "as a service".

Armata Cyber Security

Armata Cyber Security

Armata exists to bring Cyber Security to all people – from home users and SMBs to large enterprises. We believe all users have the right to an affordable yet effective Cyber Security solution.

Terra Security

Terra Security

Terra Security is the first agentic-AI platform built for web application penetration testing.