The so-called Ostrich Syndrome is a term used to describe people who prefer to “stick their heads in the sand”, much as an ostrich does, rather than accept some uncomfortable facts.
Sadly, when it comes to indisputable threats like Distributed Denial of Service (DDoS) attacks, every business in operation today should be acknowledging this reality and doing something to prevent these attacks, rather than just hoping: “it won’t happen to us”, particularly in light of the speed at which the digital world is evolving.
Gartner predicted that by 2020, 60 percent of digital businesses will suffer major service failures due to the inability of it security teams to manage digital risk.
“DDoS attacks are still cloaked in numerous myths. But only by fully grasping that the potential harm of the DDoS dagger is both real and brutal can attacks be mitigated,” says Simon McCullough, major channel account manager: Sub-Saharan Africa at F5 Networks. “DDoS attacks certainly don’t discriminate. Any organisation, big or small, is in danger of feeling the damage associated with a DDoS attack. It is, therefore, naïve to think that your business is too small to come under attack – not in a digitally connected world.”
At present, the fastest growing DDoS attack type is volumetric. The most common falsehood, however, is businesses believing that their on-premise DDoS solution has them protected against all DDoS attacks. “However, one of the largest DDoS attacks mitigated by F5 approached 450+ Gbps, which would easily overwhelm any on-premise DDoS deployment and the Internet link bringing the network down on its knees. Further with the latest IOT attacks the magnitude of attack is reaching in terabytes, which are impossible to be mitigated at the customer or the local service provider level. Hence at F5, we recommend a hybrid approach of both on-premise and cloud scrubbing. F5’s Cloud services called Silverline can handle attack bandwidths up to 5Tbps” he says.
McCullough adds that the most damaging DDoS attacks mix brute force (volumetric) attacks as a smokescreen with targeted, application-specific attacks.
Another concern, he says, is that entire industries believe that they won’t be targeted. “The reality is that all industries come under DDoS attacks with education and professional services, emerging as new attack sectors. According to the 2016 Data Breach Investigation report by Verizon, 90 percent of reported DDoS incidents are in the professional sector, followed by 81 percent in education. Attack motivation varies from hacktivism to financially motivated cybercriminals.”
“DDoS solutions are most certainly worth the investment, especially when you need mitigation. Businesses must be prepared to keep their business online and shine for execs,” McCullough stresses.
Anton Jacobsz, managing director at Networks Unlimited, the company that distributes F5 throughout Africa, adds: “Awareness about the severity of any potential cyber threat is paramount for both public and private organisations across the African continent. All business should be responsive, especially as a number of DDoS attacks are not for financial gain, but are often used as a smokescreen to distract from the real crime happening, such as taking over data, an account or the entire organisation.”