Continued DDoS attacks, like the EllieMae DDoS attack, remind executives and security professionals of the need for a proactive risk management posture. The risks associated with DDoS attacks are high enough that the FFIEC recently made a statement telling banks that it expects them to address DDoS readiness as part of their ongoing security efforts. So, what are some of the steps CIOs and institutions can take to prepare for and protect against DDoS attacks?

Steps to mitigate the security risks associated with DDoS attacks

  • Evaluate your system’s vulnerabilities.
  • Assess your vendor partners’ risks.
  • Ensure your in-house information technology units and/or service providers are taking appropriate action to mitigate DDoS risks.
  • Implement real-time monitoring.
  • Have a 24×7 staffed network monitoring system.
  • If needed, hire a third-party risk management firm to help manage your DDoS mitigation strategies and to evaluate your present data and the potential need for adjusting your configuration settings to increase detection capabilities.
  • Monitor incoming traffic to your website(s) at all times.
  • Have incident response plans ready to activate if you suspect a DDoS attack is occurring.
  • Ensure sufficient staffing for the duration of an attack (including the use of previously contracted third-party services).
  • Stay proactive in your overall security posture at all times.

The industries that need to pay the most attention to DDoS attacks include banking and financial institutions, as well as cloud service providers; but ultimately, every business stands to lose if security isn’t at the forefront.  DDoS attacks can take out an entire site in a matter of minutes.  Furthermore, firewalls and traditional tools are not enough to mitigate the risks.

With this knowledge, and given that business disruption and data theft are a daily reality for businesses, institutions should know by now that they need to be one step ahead of attackers at all times.

To stay in business and protect your assets, DDoS readiness must be a part of your ongoing information security and incident response plans.

What challenges are you facing when it comes to implementing a security posture that ensures your organization is ready for DDoS attacks?

Photo Courtesy of Benoit Daoust