 | Issue: | Global 2012 |
| Article no.: | 14 | |
| Topic: | Protecting you and your business from cyber threat | |
| Author: | Colin Doherty | |
| Title: | President | |
| Organisation: | Arbor Networks | |
| PDF size: | 265KB |
About author
Colin Doherty is President of Arbor Networks. Most recently, he was Arbor Networks’ Senior Vice President of Worldwide Sales and Customer Service. Prior to joining Arbor Networks, Mr Doherty was President and CEO of Mangrove Systems. Before Mangrove, Colin spent more than 16 combined years at NMS Communications and Nortel Networks.
Colin Doherty graduated with honors in Business Studies from Dundee, Scotland and has a postgraduate degree from the Institute of Marketing in London.
Article abstract
The cyber threat landscape continues to evolve. The past two years have seen an explosion of tools that enable hackers to launch cyber attacks. Enterprises need to take a careful look at their own threat landscape, risk profile, network architecture and security deployments.Collaboration, education and vigilance are the key to cyber security.
Full Article
The Internet is a forum where people can unite for a single purpose. Sometimes they come together to rally for a good cause, and other times they use the Internet to launch cyberattacks.
With software that is sophisticated, yet easy to use and access, the infrastructure to launch a cyberattack is readily available. The practice of flooding a server with information or requests so that it becomes overloaded and unresponsive is known as a Distributed Denial of Service (DDoS) attack. It’s typically launched using botnets –hijacked computers controlled without the owner’s knowledge. When a website is overwhelmed with traffic, the servers are not able to process all of the requests. The result is a web site that simply ceases to perform.
In the past two years we have seen an explosion of tools that enable hackers to launch cyberattacks. Today, there are literally hundreds of tools available online, at the disposal of anyone with a grievance and an Internet connection. There are botnets for hire, DDoS attack services, even some advertised on YouTube by teenage girls. That is where we are today. Hackers have accelerated their pace of innovation in recent years, using the Internet not just to organize and mobilize, but they have created an elaborate toolkit that essentially lowers the barrier for entry for a hacker. This combination of activism and tools has led to an explosion of Hacktivisim, which has quickly become the 21st century form of a street protest.
What we have seen is the democratization of DDoS. Attack tools have empowered anyone with an Internet connection to launch an attack and take a business offline, making the risk of attack exponentially greater than in the recent past. This has profound implications for any business using the Internet as a platform for services and applications. Any enterprise operating online – which means just about any type and size of organization – can become a target, because of who they are, what they sell, who they partner with or for any other real or perceived affiliations.
It’s a game changer for enterprise security and time for better network intelligence. Application layer attacks are difficult to detect and security staff often don’t realize they are under attack until a service stops or the web site is down. Enterprises need to take a careful look at their own threat landscape, risk profile, network architecture and security deployments.
The best defense is a good offense
Whether we are talking the NFL or network security, if the defense doesn’t adapt to new types of techniques that the offensive is utilizing, they can’t win. The pendulum has swung; the hackers have dramatically stepped up their game. They are feeling good on the back of too many high profile takedowns to list, from the FBI, NATO to global banks, retailers and so many more.If we are to reverse this trend, it will take concerted efforts from all constituencies, from governments and law enforcement to businesses and consumers.
Governments around the world have been more aggressive in prosecuting cyber criminals. However, this was not always the case. Last year, research indicated that network operators lacked confidence in law enforcement’s capabilities and willingness to investigate online attack activity. This year, law enforcement is progressing with its efforts, making headlines such as with the arrest of infamous LulzSec leaders. If this trend continues it could serve as a deterrent for hackers who, up until now, presumably had no fear of retribution. This is a huge step toward a better offense.
Cyber security legislation has also made its way into the U.S. as well as in Latin American and European governments. In the U.S., for example, the goal of the Cybersecurity Act of 2012 is to better protect the nation’s critical infrastructure because it’s only a matter of time before hackers decide to wreak havoc by shutting off our water supply, or by forcing major subway systems to come to a standstill.
Because of the proliferation of mobile devices, consumers experience cyber threats every day. They come in the form of ID theft, phishing and online scams which continue to victimize hundreds of thousands of people a year. We are not secure just because we install anti-virus software onto our desktop computers. As consumers, we need to be informed, educated and vigilant. The hackers are always dreaming up new ways to steal from us, so we need to be on guard. How? Be on the offensive. Don’t click on the link in the email if it you don’t recognize the sender. Don’t put your bank account information or social security number in an email. Don’t fill out a form with personal information from an unsolicited email request. Don’t post sensitive information on Facebook. Hackers can piece together someone’s entire profile by the information publicly available from various online sources.
In all businesses today, everything depends on the network being able to deliver customer-facing services and applications. Therefore, network up-time, or availability, should be part of every business’s risk planning and business continuity strategy. Anyone can become a victim at any time for any reason. It could be a supply chain issue, a business partner, or a country in which the business operates. How important is being available to customers, suppliers and partners? If a customer can’t order something online or perform an online task, they will go elsewhere.
Research shows that awareness of DDoS attacks amongst end-customer organizations has greatly increased over the last year. Unfortunately, the most common reason for this raised awarenessis that they have been the target of a DDoS attack. This emphasizes the point that many businesses are ignoring the news about cyber threats until they themselves fall victim. Just as businesses plan for natural disaster and power outages, they also need to consider the impact and consequences of network outages. DDoS planning is risk planning. What is the cost of downtime? What are the potential consequences? Which consequences are acceptable and which ones are not? The answers can be measured in a number of ways, from lost revenue because of missed sales or added operational expenses. Operational expense continues to be the number one business impact from DDoS in data centers, increasing from 50 percent to 60percent in 2011.
Conclusion
Collaboration, education and vigilance are the key to cyber security. This is true between government agencies within the U.S., between the U.S.government and others around the world, between otherwise competitive service providers and finally, between end users and their providers.If we’ve learned anything, it is that hackers will not stop looking for that weakest link.Our collective job is to make that link stronger.
