In 2012, DDoS attacks revealed a new cyber security trend: attack campaigns that last for days and sometimes even weeks. Unfortunately, many organizations that find themselves under attack don’t know how to change the attack dynamics. Instead of working to halt attacks, many just wait passively for them to conclude.
But what about stopping the attack? Why can’t organizations become more proactive and implement counter measures that stop the attackers from sending additional malicious traffic? Why not push the hackers back as far as possible from critical applications?
According to Cyber Security on the Offense, a recent study by Radware and the Ponemon Institute, 71 percent of respondents gave their organizations an average or below average rating when it comes to their ability to launch or implement counter techniques against hackers and other cyber criminals. The main reasons for not being effective in launching counter measures include the lack of enabling technologies, resources, budget and the dearth of expert personnel.
This is a worrisome picture. Despite the fact that many organizations find themselves affected by attack campaigns that last for many days, they lack the capabilities to stop or to reduce the effectiveness of these attacks.
In 2013, it’s time to get proactive! Here are some recommendations for organizations that would like to halt attacks rather than merely absorb them:
- Establish an emergency response team that can detect and respond to attack campaigns 24×7 for as many days as required. Train this team to investigate who the attackers are and what their motivation is.
- Gain knowledge on the attack tools, techniques and modes of operation used by hackers in previous campaigns.
- When under attack, quickly detect and understand which attack tools are being used in order to anticipate what you should expect.
- Implement techniques to perform counter measures. Each attack tool that hackers use has weaknesses that can be exploited in a counter measure to significantly reduce the effectiveness of the tool.
- Develop an attackers’ black list and work with your CDN provider or your ISP to black list the attackers before they reach your network. This will allow you to push the attackers as far as possible from your critical applications.
Organizations that implemented these recommendations in 2012 managed to shorten the length of the cyber attacks they faced and reduce the damage they experienced. Next time your organization is under attack, make the choice to be proactive in order to minimize the attack’s effectiveness rather than just waiting passively for its termination.