DDoS attacks are now seen as part of everyday business trading, so how do you protect your business from losing millions?
Two years ago it might have been quite rare for a major news bulletin to be about a Distributed Denial of Service (DDoS) attack, but how quickly things have changed. Think of Yahoo!’s cyber hack, which affected a billion of its accounts, was the biggest data breach of its kind in history, and has cost the company enormous amounts in money, time and reputation. And it was headline news!
What’s happened in almost the blink of an eye is that the hackers have become increasingly savvy and versatile. In Yahoo!’s case they used “forged ‘cookies’” – small pieces of data that stay in the user’s browser so that a website doesn’t require a login with every visit. Yahoo! said the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.
Yahoo! isn’t alone. Last year, a DDoS attack was launched against New Hampshire-based web company Dyn, which controls much of America’s internet infrastructure. It led to outages of major websites such as Twitter, Airbnb, Amazon, Reddit and The New York Times, to name a few.
And Australia is in the same boat. In fact, one leading local executive recently said that DDoS attacks were so frequent in this country that big companies viewed them as “just part of the usual business”.
So what to do? How do you protect your business from losing millions? There is plenty the IT team working for you can do to protect your data. Does your network security already have these: firewalls, intrusion detection software, antispyware, patching and updating of the operating system, and proper usage policies? If laptops are used, encrypt the hard drives. Encryption prevents a thief from extracting usable data from a stolen laptop.
When it comes to your staff, only give them the data they need to do their jobs; adopt a need-to-know stance. Limit the number of portable storage media in the organisation (such as CD burners and flash drives) and control access to these media. Log every use of such media and what was stored.
Do employee background checks and pay attention to information technology (IT) personnel who will, by the nature of their jobs, have greater access to a wider variety of data. When any employee leaves the company, scan their PC and look for any inappropriate data that was kept on that machine.