New cybersecurity threats emerge in the news every week, it seems, and new terms attached to these threats become part of our lexicon.
Some terms that have recently become household names due to high-profile cases are ransomware, phishing, and malware. The list of commonly known security threats is growing right alongside the increase in the threats themselves.
That said, there still remain lesser-known yet equally important attack types that CPA and law firms need to know in order to reduce their risk of a breach. Let’s take a look at one attack type that’s been around since the birth of the internet but has been a bit overshadowed by newer attack methods.
While distributed denial of service (DDoS) attacks have been around for years, the term might be new to a layman. However, their profile is rising again due to their increased sophistication and strength. Basically, a DDoS attack’s goal is to disrupt the availability of its target, preventing the target from providing the services it typically provides. A DDoS attack aims to deny access across the board.
Unlike a DoS attack, where a single source sends malicious requests or data, a DDoS attack emanates from multiple sources.
In both cases, the attacking source or sources seek to overwhelm a website, database or other essential system with data or queries, causing it to crash or become inoperable. The scale of these DDoS attacks has increased considerably over the years.
There are three primary types of DDoS targets (CSO Online):
- Websites or servers (the attack sends massive amounts of fake traffic to overwhelm the target’s capacity, slowing it down significantly or crashing it)
- Network infrastructure and management tools (malicious packets infiltrate the system to render it inoperable)
- Applications (the apps are inundated with phony requests)
Research recently conducted by Verisign/Merril revealed that approximately 33% of all downtime is related to DDoS attacks.
According to US-CERT (United States Computer Emergency Readiness Team), “DDoS attacks have increased in magnitude as more and more devices come online through the Internet of Things (IoT)...IoT devices often utilize default passwords and do not have sound security postures, making them vulnerable to compromise and exploitation. Infection of IoT devices often goes unnoticed by users, and an attacker could easily compromise hundreds of thousands of these devices to conduct a high-scale attack without the device owners’ knowledge.”
Preventing DDoS Attacks
DDoS attacks are difficult to prevent with traditional methods because of their multi-source approach and the increasing size and volume of the attacks. Most small to midsize businesses will not be able to prevent an attack without outside IT resources on board. And even then, it could prove difficult.
A possible defense against DDoS attacks is keeping your bandwidth usage efficient and clean while planning for some extra bandwidth capacity to absorb a reasonably sized DDoS attack. In other words, make sure you have more bandwidth than you need and that your capacity isn’t being wasted by poor management and usage.
Most cyber experts say that, for most organizations, mitigation is a more realistic approach than prevention. What that means is being prepared for a DDoS attack and being able to identify the attack quickly and respond rapidly. Here are a few tips for mitigating the damage caused by a DDoS breach:
- Identify an Attack Early. Understand the warning signs of a DDoS attack so you can identify it early. A sudden surge in web hits, slow performance, or a marked increase in odd email activity or website comments could be a sign you’re under attack.
- Build DDoS Response Into Your Disaster Recovery Process. As with any other threat to your IT infrastructure, you need to have a response plan in place for your IT team and all of your employees. Early identification and a clear, well-thought-out, company-wide response plan are effective tools for limiting DDoS damage.
- DDoS Defense Tools. Firewalls, software, and hardware can all play a role in helping reduce DDoS attacks and limit their damage. There are too many options to discuss here, but in this area, a multi-pronged approach will work best to defend against attacks from multiple sources.
- Partner with Experts. Linking up with a managed IT services provider to help manage your network can be a cost-effective, efficient way to augment your existing IT staff and the tools they have on hand. Overwhelmed and under-equipped IT teams make an organization ripe for attacks of all kinds and particularly DDoS since it’s very difficult to identify and remedy. With 24X7 support and a host of tools at their disposal, an IT management partner can be an invaluable resource before, during, and after a security crisis.
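To make the "sudden surge in web hits" warning sign from the first tip concrete, here is an added example (not from the original article) that scans web access log lines, compares each minute's hits with a baseline of earlier quiet minutes, and reports whether a surge came from one client or many, mirroring the DoS versus DDoS distinction above. The thresholds, function names, and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Assumed thresholds for illustration; tune them against your own traffic.
SURGE_FACTOR = 5    # a minute is a surge if hits > factor * baseline
MIN_HISTORY = 3     # quiet minutes needed before judging a surge
MANY_SOURCES = 10   # this many distinct clients or more -> "distributed"

# Client IP and timestamp (to the minute) from a common-log-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^:]+:\d{2}:\d{2}):\d{2} [^\]]+\]')

def per_minute(lines):
    """Group log lines by minute -> [hit count, set of client IPs]."""
    buckets = defaultdict(lambda: [0, set()])
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse
        minute = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M")
        buckets[minute][0] += 1
        buckets[minute][1].add(m.group(1))
    return buckets

def find_surges(lines):
    """Return (minute, hits, distinct_clients, kind) for each surge minute."""
    buckets, history, alerts = per_minute(lines), [], []
    for minute in sorted(buckets):
        hits, clients = buckets[minute]
        if len(history) >= MIN_HISTORY:
            baseline = max(median(history), 1)
            if hits > SURGE_FACTOR * baseline:
                kind = "distributed" if len(clients) >= MANY_SOURCES else "single-source"
                alerts.append((minute, hits, len(clients), kind))
                continue  # keep surge minutes out of the baseline
        history.append(hits)
    return alerts

def sample_log(sources=40):
    """Constructed sample: 4 quiet minutes, then 40 hits in one minute."""
    fmt = '{} - - [10/Oct/2024:13:{:02d}:{:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [fmt.format(f"198.51.100.{i}", minute, i)
             for minute in range(4) for i in range(3)]
    lines += [fmt.format(f"203.0.113.{i % sources}", 4, i) for i in range(40)]
    return lines

if __name__ == "__main__":
    for alert in find_surges(sample_log()):
        print(alert)
```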
We’ve helped many CPA and law firms protect their most precious data and reduce their system downtime. Whether it’s 24-hour monitoring, moving to the cloud or better managing their IT systems, American Technology Services can free your IT team from “break/fix” mode and help usher in better, more secure performance.
Reach out to us today. We’d love to hear from you.