5 July 2022
Resilience against DDoS attacks becomes one of the key factors for cybersustainability
Modern cyber threats have a direct impact on our lives. The more automation and digitalization advance in businesses, the more dependent they become on IT and the more obvious the impact of cyber threats on their activities becomes. It is not possible to completely protect businesses from cyber threats, and it is unlikely that this will become possible in the foreseeable future. Therefore, the focus today is not so much on information security (defense against all threats associated with the company's information systems) as on cybersustainability - the ability to minimize the impact of cyber threats on the company and to keep operating efficiently under all kinds of negative impacts arising in different digital environments. In the era of the digital economy, cybersustainability becomes one of the pillars of the resilience of business and society to negative factors and conditions that occur in the global data and computing environment.
How to ensure resistance to DDoS-related threats
Ideally, resistance to DDoS attacks should be taken into consideration at the design stage of the future Internet asset. Otherwise, ensuring DDoS resistance may require significant resources, time, and effort in the future. In fact, we often deal with situations where the owners of an Internet resource do not think about DDoS resistance until they start feeling the consequences of DDoS attacks.
So what does it take to make your resource resistant to DDoS attacks?
First of all, it is necessary to properly design and build the IT infrastructure so that it has sufficient "strength" (spare capacity and power) to remain stable, at least in the face of weak attacks (we recently described this in more detail in the article "When an attacker knows your infrastructure better than you do, or the most trivial mistakes in organizing DDoS protection"). The fact is that even high-quality DDoS protection is not always able to filter out 100% of all illegitimate traffic, and you need to be prepared for at least a small part of it to reach the protected resources. If the attack is strong enough (for example, 50 Gbps), then blocking 99% of the attacker's traffic will reduce it to 500 Mbps - but that will most likely be enough to make the average Internet resource inaccessible unless it has a solid reserve of server power, capacity in network devices and firewalls, and network bandwidth.
Unfortunately, we often deal with situations where an underperforming network device is installed at the network boundary, such as a router that is recommended for working in a small office, but not for the network boundary of an Internet provider or data center. To make such a network inaccessible, a small DDoS attack is enough.
Second, you need to determine the relationships and dependencies between the components of your systems in advance and identify potential points of failure. Let us say your website serves a mobile application that receives some information from it - e.g., about the weather, the exchange rate, traffic on the roads, etc. What happens if the website is down for an hour or two, or half a day? What happens to the mobile application: will it keep working until the website is restored? It is highly desirable that individual components of your systems can operate autonomously for a while in situations where other components are unavailable.
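The dependency question above can be checked mechanically once the relationships are written down. The following is an added example, not part of the original article: the component names, the tolerance values and the functions outage_impact and blast_radius are all hypothetical, and it assumes a component recovers as soon as the outage ends.

```python
import heapq

# Constructed sample inventory (not from the article). For each component:
# what it depends on, and for how many minutes it keeps working without that
# dependency (cache lifetime, queue depth, local fallback). 0 = hard dependency.
DEPENDS_ON = {
    "mobile_app":   {"website_api": 120},  # serves cached weather/rates for 2 h
    "website_api":  {"database": 0, "rates_feed": 30},
    "partner_feed": {"website_api": 0},
    "database":     {},
    "rates_feed":   {},
}

def outage_impact(depends_on, failed, outage_minutes):
    """Map each component that stops working during the outage to the minute
    (counted from the start of the outage) at which it stops."""
    dependents = {}  # reversed edges: dependency -> [(dependent, tolerance)]
    for comp, deps in depends_on.items():
        for dep, tolerance in deps.items():
            dependents.setdefault(dep, []).append((comp, tolerance))
    down_at = {}
    heap = [(0, failed)]
    while heap:  # Dijkstra: earliest moment the failure reaches each component
        minute, comp = heapq.heappop(heap)
        if comp in down_at or minute >= outage_minutes:
            continue  # already handled, or the outage ends before it is hit
        down_at[comp] = minute
        for dependent, tolerance in dependents.get(comp, []):
            heapq.heappush(heap, (minute + tolerance, dependent))
    return down_at

def blast_radius(depends_on, outage_minutes):
    """Rank components by how many others an outage of this length takes down."""
    ranking = []
    for comp in depends_on:
        affected = outage_impact(depends_on, comp, outage_minutes)
        ranking.append((len(affected.keys() - {comp}), comp))
    return sorted(ranking, reverse=True)

if __name__ == "__main__":
    for minutes in (60, 120, 720):  # "an hour or two, or half a day"
        print(minutes, outage_impact(DEPENDS_ON, "website_api", minutes))
    print(blast_radius(DEPENDS_ON, 720))
```

In this constructed inventory the mobile application survives a one- or two-hour website outage on its cache but not a half-day one, and the components at the top of the ranking are the ones whose protection and spare capacity matter most.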
Third, it is often not enough to implement anti-DDoS solutions; you also need to ensure that the protection you build works effectively. One company turned to us after its applications became unavailable during a continuous DDoS attack, despite having "dual" protection against DDoS: the company used anti-DDoS services from two different vendors and had even passed three information security audits. However, it turned out that these services had limited capabilities and could not protect the company against a DDoS attack for which they were not originally designed.
This leads to the conclusion: cybersecurity "on paper" no longer works today, and information security audits, certificates and licenses do not guarantee resilience against cyber risks. To ensure true cybersustainability, other efforts are required.
Resistance to DDoS attacks should be harmoniously integrated into overall cybersustainability
Cybersustainability is based on an integrated approach to information security and on implementing it in a consistent sequence. Therefore, it is first necessary to develop a cybersustainability strategy and establish a policy for its implementation. Among other things, it requires highly qualified partners with comprehensive skills and extensive experience in the field of protection against certain categories of risks, including those related to DDoS attacks.
It is very important that your information security partners specialize in these risk categories. After all, an Internet provider or CDN operator, for example, will not be able to reliably protect against DDoS attacks. And a company that does not specialize in WAF and does not maintain its own center of excellence in web application security will hardly be able to protect itself against clever hacker attacks on Internet applications.
The right choice of partners will help you build cyber resilience that really works, takes into account the risks relevant to you, is balanced and effective, and evolves with you.