Stop, drop, and roll: is everything on fire?
Now that the media hysteria has abated on the topic of DDoS, it seems timely for us to provide some commentary on this long-standing topic from the perspective of security professionals.
The recent Distributed Denial of Service (DDoS) attacks on NZX, Stuff, RNZ, and many more have had the media bombarding us with updates and semi-new information aimed at keeping us, the general public, informed. Articles on RNZ, Stuff, and NZHerald provide similar information on the attack.
There is no denying that the threat of sophisticated cyber-attacks is real, and while raising awareness about what is currently happening is a good thing, doing so without care may not be helpful.
Some articles speculate on who the attackers are, but pointing to general sources like insiders gone rogue and threat actors provides little help. In fact, worrying about where these attacks may come from won’t prevent them from happening.
Looking at the basics
If “where the attacks come from” is not the best place to start, then what is? Knowing what you are protecting, and what you are protecting it from, is a good start. Jumping blindly into implementing technology solutions to protect your services accomplishes only ever-increasing expenses and complexity that someone has to maintain. More complex solutions also bring other unknown risks, not to mention how many technology solutions fall short of the mark because of poor planning.
Instead, we’d suggest that an organisation focuses on assessing risk, deciding a course of action, and following through by implementing effective protection measures in a more holistic approach. These may well include the same technology solutions mentioned earlier; however, armed with the right information, the complexities are managed and the chance of success is higher.
It is easy to get entrenched in the firefighting during an event, and in the rush to implement measures to protect against the latest big threat. While closing your wide-open gaps is a good idea, most of these short-term fixes cannot be sustained in the long run.
Thinking of the other targets of the attack who came through mostly unscathed should raise the question: how can I do the same? If I were to answer that question, I would just say: make sure you know what you have, who is responsible for it, and what could happen to it, and then answer the question of how to protect it.
There is no way to fully protect against DDoS and other cyber attacks; however, there are ways of making them less likely and their impact less severe.
We’ll watch with interest the developments in these latest attacks. In the meantime, if you’d like to talk to any of the Axenic team about information security, feel free to get in touch.