A Q&A with Jag Bains of DOSarrest Internet Security
DDoS (distributed denial of service) attacks are a major threat and risk exposure facing any business with an internet-facing server. They can be especially devastating to companies that primarily conduct sales through the internet, resulting in a network crash that can disrupt business and diminish profits and cause irreparable damage to a brand. Research firm the Yankee Group estimates that an average size company ($10 million in annual revenue) can lose $150,000 in a successful DDoS attack. I spoke with Jag Bains, CTO of DOSarrest in Vancouver, Canada, about the very real threat of DDoS and how organizations can mitigate their exposure to these attacks.
What is a DDoS attack in lay person language?
It’s simply an attempt to take an organization’s internet presence offline, exhausting all resources so that the general public can’t access the site or services, usually by overwhelming the site’s network connection or server with traffic. The typical example is an ecommerce website rendered inaccessible so that the company cannot process transactions and loses revenue for a time. They might also be cut off from suppliers or partners. There are a myriad of motivations and situations for these attacks but a couple common ones we see are trying to put a company out of business so that shoppers go to a competitor; or making a political statement by downing a campaign site. Either way, the idea is to have a significant impact on web presence.
Has this threat been growing? What are the trends you are seeing?
The rate and frequency of attacks has indeed been growing quite a bit. For 13 years or so, you could count on seeing attacks mostly aimed at commerce or gaming sites. Lately, we are seeing more political attacks on campaign sites and social media. Sometimes it’s not just an individual targeted but an entire government department. Another trend is that the firepower has changed quite a bit. Most people have heard of bot.net drones that recruit thousands of home computers to launch an attack but now hackers can do this with a much smaller subset of more powerful computers. That makes it easier to get into the game and it creates greater havoc. Attackers are also more sophisticated in terms of being able to target specific elements of websites—most recently we have seen an increased frequency of the “application layer” style of attack. They can hide behind what on the surface seems to be a legitimate set of connections. Every site has its own unique vulnerabilities and now the attackers are very deliberate and focused as opposed to the raw flood attacks we saw in the past.
What can happen to a business that doesn’t try to prevent DDoS attacks?
The most obvious consequence is lost revenue, and the longer the site is down the more transactions are lost. But another consequence that people don’t often factor in is the impact on SEO (search engine optimization). If the site is down for an extended period of time, such as three to five days, the interruption will be reflected in its ranking on search engines such as Google and Yahoo. That can be the difference between appearing on page one and page seven in search results, which, in our clicky world, is a major setback.
How can DOSarrest help?
We have designed our service to help any size company, in any region around the world. Our whole focus is a cloud product, so that the end customer doesn’t need to install software or hardware—all they need to do is change the DNS record for the targeted website. When there is an attack, we take it out of the customer’s infrastructure and/or hosting provider and bring it to our networks where we are able to apply technology to mitigate the damage. In the meantime, we keep the customer’s infrastructure hidden from the rest of the world. The majority of customers come to us reactively, when they are under attack—they may be down a few minutes or a few hours or even a day before they make a decision to get some help. However, we are seeing a trend where the marketplace is starting to understand the effects of DDoS and some companies are creating preventative strategies, which can include enlisting a specialist such as DOSarrest. Customers also have the ability to hop on and off of our services but most stay on as a preventative measure as we can deflect the vast majority of attacks and monitor performance in real time, enacting configuration changes if needed. That makes us unique in the industry and it allows us to offer high tech, high touch support around the clock as a defense against DDoS.
Any organization concerned about mitigating their first-party cyber risk exposure—or revenue loss due to business interruption—should be aware of the growing prevalence of DDoS attacks and set in place solutions such as DOSarrest to manage this peril.
eRisk Hub Members Only: To learn more about DOSarrest and Jag Bains, view Jag’s presentation on DDoS threats from the 2012 NetDiligence Cyber Risk & Privacy Liability Forum. The video is available in the Learning Center of the eRisk Hub. There is also a Business Interruption cost calculator in the Risk Manager Tools section of the hub.