With many companies now highly dependent on digital data and technology to manage their operations, keep things running smoothly and effectively serve their customers, any disruptions to these services can have huge impacts on their business.
Issues such as hardware failure, connectivity problems or human error that knock firms offline can be hugely costly, but in addition to these issues, there's another growing problem that businesses have to deal with - that of Distributed Denial of Service (DDoS) attacks.
There can be various motives for DDoS attacks. Some are conducted by individual actors from a desire to exact revenge or just create havoc. Others are political in nature, with 'hacktivist' groups targeting institutions and businesses whose actions they disagree with. Some unscrupulous companies may even attack competitors to disrupt their operations and damage their reputation. But whatever the reason, the outcome is the same - a company is unable to do business until the attack is over.
These attacks are fast becoming one of the biggest challenges facing IT security teams, and they are getting bigger and more frequent than ever before. But what do they involve, and what can you do to combat them?
Why DDoS attacks are on the rise
In the past, DDoS attacks were regarded as little more than a nuisance as, while they could knock a website offline for a limited time, attacks could not be sustained for more than a few hours at most, and the impact was limited.
However, things are changing. One reason for this is that there are now many more devices around the world that can be compromised and taken over by botnets. For instance, the rise of Internet of Things (IoT) devices, which gives hackers a huge new category of gadgets to attack, has been cited as one factor behind a huge rise in attacks in the last year.
Many of these are unsecured as they aren't considered by IT departments to be major security threats - but this weakness can be exploited by hackers to add them to their growing botnets.
At the same time, it has become easier and cheaper than ever to launch a DDoS attack. This type of attack vector has never required a great deal of technical knowledge to pull off, but the growing availability of 'DDoS for hire' services means anyone can set up an attack for as little as $100.
The results of this are being seen in the size and scope of attacks. In February 2018, for example, a DDoS attack on Github broke records by throwing 1.35 terabytes of data per second (Tbps) at the web service. Yet this record was smashed just a week later after it was reported by Arbor Networks a service provider in the US was the victim of a 1.71Tbps attack - though, as the provider had taken precautions, there were no outages.
It's not just the size of attacks that's on the rise. According to figures from Kaspersky Lab, the number of sustained attacks - those lasting more than 50 hours - increased sixfold in the first quarter of 2018, with the longest recorded attack lasting more than 12 days.
Mitigating against the DDoS threat
It's clear that DDoS attacks have become an issue every security professional needs to be aware of. But what can be done about them? Traditionally, DDoS attacks have been very hard to guard against, so in the past, the typical method for dealing with them has been to simply wait them out. But this is clearly no longer an option.
Fortunately, there are steps that businesses can now take to ensure their operations are not disrupted by DDoS attacks. As Arbor Networks' report demonstrated, even the biggest attacks can be countered if businesses are well prepared and have the right tools in place.
Prevention is better than cure, so strong network monitoring that can spot the first signs of an incoming attack and take steps before it occurs are a must. Being able to scale up operations and provision more bandwidth to handle any additional traffic is also highly useful.
DDoS attacks aren't going away any time soon, and as automation and IoT devices continue to become more advanced, it's likely it will become even easier for hackers to target companies. But with the right tools and planning, businesses can prevent themselves from falling victim to this threat.