Firms Face A Higher Price Tag For DoS Attacks In 2019

For companies with a strong digital presence, a Denial of Service (DoS) attack amounts to closing the storefront, shutting the warehouse doors, unplugging the phones, and halting most other critical operations. A DoS or DDoS attack is nothing more than a simple shakedown, but they still happen in 2019, and their target has only gotten riper with time. The larger role that a company’s digital front-end plays in today’s online ecosystem means that the accompanying cost of these attacks is rising, and that even a small company stands to lose up to $120,000 if it falls victim.

With the total price tag on a DoS attack also rising for enterprise companies to over $2 million in each instance, according to a recent Bulletproof report, defending against these events in 2019 and beyond is as much a cost saving strategy as it is relevant to IT. Though recent figures also highlighted instances of DoS ransoms decreasing lately, hackers have explored new methodologies and are now finding it easier to generate a greater impact. As such, budgeting for the right tools to protect against these attacks delivers much greater upside in terms of potential cost savings.

DoS is a Detriment to the Bottom Line

Businesses affected by DoS attacks are financially affected in many ways. The most direct effect of Denial of Service is lost sales, with webpages holding payment and product browsing portals. Online service-based businesses stand to lose even more, as the internet is the only medium by which they deliver value. One must also consider the price of the ransom itself, if this is an option they want to pursue.

DoS attacks could also be used to obscure a more damaging breach of data, rather than a mere denial of service, which gets complicated. If sensitive customer information or financial data is lost, you may also be legally liable, which increases the price of the breach by several orders of magnitude. With or without customer data losses, DoS increases the risk of lost business.

Indirect costs of an attacks include potentially replacing hardware, but also employee time. Many won’t be able to work until service is back, and others who can help fix the problem will need to work extra overtime. You may need to hire outside help if the attack persists, and customer service people will be inundated with more calls and emails than normal.

Cybersecurity Strategies for 2019

There is some low-hanging fruit for worried companies to check off their list before enlisting the best DoS protections. Internal IT employees should ensure that all servers are only publicly available for necessary functions, and when further secured with SSH, firewalls on all endpoints, SSL, and VPNs. More important is to plan ahead for larger traffic accommodations than you think you need, and to employ a smart array of vulnerability testing technology to keep uptime at 100%.

Regardless if the attack targets the application, network, or transport layer, floods the HTTP or disrupts the DNS, it’s possible to check the entire apparatus daily for these threats. Software like Cloud Management Suite can inspect your company’s resources on a strict schedule and will patch software and hardware in real-time to automatically protect against zero-day vulnerabilities. An inclusive approach encompassing the OS, third-party apps, firewalls, router configurations, and more ensures vigilance against all attack vectors. 

Director of Services at Cloud Management Suite Robert Brown notes that this comprehensive patching effort is required if companies want to deflect DoS cost-effectively. “When every minute of downtime carries a five-figure price tag, patch management moves higher on the list of priorities for businesses in 2019. Companies shouldn’t be responsible for staying on top of the evolving array of attacks, so we help them focus on more profitable endeavors while keeping systems airtight against the latest threats. Remote diagnostics and patching allow us to deploy the proper defenses before the newest and most sophisticated weapons are put into wider use.”

DoS Gets Creative and Cost-Effective

Last year, hackers began commandeering memcached servers—which are normally used to accelerate websites and networks—but can also multiply the power behind DoS attacks. It’s now common to see an average DoS attack reach upwards of 1.7 Tbps without requiring as much input from the offender, meaning DoS is getting more profitable for the bad guys, gives them a bigger stick to wield, and more targets to swing at.

SMBs no longer have an excuse to avoid protecting themselves. A recent NETSCOUT Intelligence report corroborates this notion with data indicating that small e-Commerce websites and mail-order businesses were the 7th most likely to be attacked. Hackers’ arsenals are also expanding, according to Kaspersky Labs. More mixed-vector and HTTP breaches demonstrate that Denials of Service are getting increasingly complex and exploratory. 

Though protective SIEM tools like Bulletproof conceivably represent a cost center, they should instead be framed by how much they can save users. Apart from quickly updating to constantly watch for the most cutting-edge attacks in real time, these tools deliver a set-and-forget solution that helps firms avoid potential losses from every angle.

Compliance and Crypto Give Hackers Leverage

Adequate protection is vital as DoS becomes cheaper to conduct and more versatile, but more so now that perpetrators can extort money even without conducting an attack if they’ve identified that you lack the proper safeguards. The practice of asking for pre-ransoms in anonymous cryptocurrencies like Monero make it easy for hackers to blackmail firms before attacking.

This has also allowed firms to escape regulator fines if the reason for their vulnerability was non-compliance. With the maximum fine for companies neglecting compliance raised to €10 million in the EU, an alternative approach isn’t recommended. Network availability is now a central concept to GDPR rules, so fortifying your biggest asset against legitimate and illegitimate scrutiny is a financially intelligent choice.

Conclusion

These shifting trends mean it’s no longer arguable that neglecting DoS protection, software or cloud, is a cost-effective measure. By re-framing the idea of DoS protection from cost center to cost-savings, companies can actively thwart threats while maintaining an edge in the changing cybersecurity landscape.