In the last two weeks of January 2016 alone, 52 mainstream cyberattacks were committed against governments, public, and private sector companies around the world[1]. That’s more than three attacks a day. Experts are warning that it’s no longer if—but when—your company will be targeted. And when it is, are you prepared? Do you have a response plan in place to recover from, or even thwart, an attack? IT Pro reports that 50% of businesses worldwide have no countermeasures against Distributed Denial of Service (DDoS) attacks—and that’s just the most popular attack your company is facing right now.
Cyber threats are increasing and it’s essential that businesses are prepared. According to the Verisign DDoS Trends Report, DDoS attack activity has increased 85% year over year, and it doesn’t appear to be slowing down any time soon.
Investing in a robust Domain Name System (DNS) and DDoS protection is highly recommended, but as a minimum, businesses should protect themselves by ensuring DDoS attacks are covered under an Incident Response Plan (IRP) as part of a larger Disaster Recovery Plan and Business Continuity Plan. And most importantly, the IRP should be rehearsed.
Create an incident response team
To get started, you need an incident response team. It sounds easy to create a team—but who should be on this team; who within your company needs to be contacted in the event of an attack; who makes the decisions on how to react; and what do they communicate to whom?
DDoS attacks directed at name servers will likely take out email and Voice over IP telephone systems, as well as virtual private networks. Team members should share their landline and cell phone numbers as backup contact information and make sure it’s available offline; it may be the only way to communicate. All team members should also be aware of a “War Room” to call or as a place to meet if an event occurs. This is a critical part of mitigation. You also want to include key DNS partners on your team, like Corporation Service Company® (CSC®).
Purpose of an IRP
According to CIO Insight, the average cost of one hour of downtime is $105,710 and the average network outage is 18 hours[2]. Ponemon Institute estimates that the average annual cost to companies from DDoS attacks is $126,153. Meet with the IRP team regularly to rehearse your response and discuss threats—and if under attack, first verify that it’s a true cyberattack. Beyond that, always keep your company management informed and discuss:
- The root cause of the attack each time
- How to reduce the incident impact
- How to maintain or restore business functions
- How to improve security to prevent future attacks
- When to send external communications and to whom (the press, customers, staff); create generic templates signed off by senior management in advance, because nobody wants to write marketing copy under pressure
With the threats growing in size and scope, companies need to be proactive. If you don’t have an IRP, it’s probably time to get one together.