This week has seen a spate of high profile cyberattacks, with Evernote and Tweetdeck amongst those targeted. Yesterday also saw Feedly reveal that it has suffered a second round of DDoS attacks and, as a result, has had to pull its service while it works on a fix.
DDoS attacks are nothing new, with many high-profile attacks dominating the media over the last 12 months, but with well-known brands continuing to publicly feel the impact of attacks, they also show no sign of losing popularity with cyber criminals. As we've seen, these large cyber-attacks are capable of knocking out business-critical applications that generate revenue and facilitate communications, which can have severe business impacts. Organisations that depend on their online presence for survival absolutely need invest in security solutions that protect themselves, staff, customers and end-users against these attack vectors.
Whether these kinds of DDoS attacks are the work of mischief makers, sore losers or even attempts to sabotage rivals is unclear. What is clear is that defending against DDoS attacks is not just the province of private and public sector businesses. These attacks have become more prevalent and have amplified over the last year and the worrying trend is for these attacks to be a smokescreen for more insidious activities.
So how can businesses put up a defensive wall to stop attacks before they even access their data? Monitoring incoming traffic is the first line of defence in protecting a business against cyberattacks. Being able to assess where traffic is coming from, the device being used and even whether the request is from a human or not can all work as key assets in protecting against attack.
Let's consider an example. If a DDoS attack hits, a business should have the ability to filter requests before they enter the datacentre, stopping access to those communications which do not appear to be from a genuine customer - such as recognising that a repeat request is being made by a computer source, rather than an actual person at a keyboard. Businesses can also put in place firewalls which allow for a greater number of requests per second, ensuring that systems are less likely to crash under the weight of the repeated requests associated with DDoS attacks. Essentially, a full proxy firewall can avert significant downtime and data loss at a business.
So, my message is simple - centre your security around the applications housing the data you're protecting. Ensuring this is managed by one security platform using full proxy means this is one part of the puzzle which you won't have to worry about. Recent attacks act as a warning for other businesses. Now is not the time to wait and see whether you'll be the next target; now is the time to get your defences in order.