Mitigating cybercrime to combat security-breach domino effect
By Robin Schmitt October 5, 2016
- DDoS attacks are no longer ‘just an IT problem’
- On-premise DDoS mitigation should be focused around a well-documented incident response plan
Many concerns come hand-in-hand with owning a business, and finances and technology often top the list. Oddly, cybersecurity can slip down the priority list. Consider this: your business is up and running, you have the necessary finances, you’re scaling exponentially and technology is meeting that demand, when your app is hacked, taking down your online business and exposing the personal and private details of your trusting customers. The security of your business could make all the difference between a positive customer experience and a damaging negative one.
In 2016, cyberattacks show no sign of slowing down – just recently the multinational technology company Yahoo fell victim to a massive data breach that exposed over 500 million user accounts. Moreover, as the recent Distributed Denial of Service (DDoS) Attacks and Protection report by Neustar points out, 77 percent of organisations in the Asia-Pacific region were affected by DDoS attacks, with 63 percent of those attacked reporting the theft of IP, financial and customer data. Frequent attacks and distressing reports only prove that hackers are way ahead of security systems, and both business and IT leaders should put more effort into pre-empting cyber threats.
DDoS attacks are no longer ‘just an IT problem’. From IT and customer service to marketing, no department within an organisation is immune from the effects of DDoS, because when an attack hits, it reverberates throughout the enterprise, and when it is successful, it indiscriminately affects the bottom line. This is borne out by the finding that one in three organisations in Asia Pacific said that when a security breach happened, the biggest costs came from customer-facing functions such as the call centre, customer service, and marketing.
As the cybersecurity landscape is constantly evolving, protection solutions must also constantly adapt to anticipate attackers’ modus operandi. With that in mind, businesses should take the following steps to ensure their IT infrastructure is an impenetrable fortress.
Avoiding DNS Attacks
Often customers trying to access a brand’s website can get hijacked to bogus pages where their logins, passwords, and payment details are siphoned off - this is known as cache poisoning or DNS spoofing.
To protect against this, businesses can create digital signatures that ensure DNS responses are identical to those from the authoritative server, providing protection against forged or manipulated data. Managed DNS services with hardened security features provide the most effective protection.
The best options should provide DNS protection at no extra cost. Also, non-open-source resolvers (unlike BIND) are less prone to malware, viruses, and attacks; and choose advanced security features: permission levels, two-factor authentication and an access control list (ACL) by IP to restrict access to DNS records.
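The cache-poisoning risk described above exists because a resolver will cache whatever reply it accepts. Before signatures even come into play, a resolver rejects forged replies by checking that the reply echoes its transaction ID and question, and that every record belongs to the zone it asked (the "bailiwick" rule). The following Python is an added example, not code from the article or from Neustar, showing those checks on hand-built DNS wire-format messages; it deliberately does not implement DNSSEC signature verification, and the zone, names and addresses are constructed sample values.

```python
import struct

def encode_name(name):
    """Encode a dotted hostname in DNS wire format (length-prefixed labels)."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def parse_name(data, offset):
    """Decode a wire-format name, following RFC 1035 compression pointers.
    Returns (name, offset just past the name)."""
    labels = []
    while True:
        length = data[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:  # compression pointer: jump and stop
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            labels.append(parse_name(data, pointer)[0])
            offset += 2
            break
        offset += 1
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset

def build_query(txid, name, qtype=1):
    """A minimal A query: header (RD set) + one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def build_response(txid, name, records):
    """A minimal reply (QR, RD, RA set) with A records given as (owner, ipv4)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(records), 0, 0)
    body = encode_name(name) + struct.pack("!HH", 1, 1)
    for owner, ip in records:
        rdata = bytes(int(o) for o in ip.split("."))
        body += encode_name(owner) + struct.pack("!HHIH", 1, 1, 300, len(rdata)) + rdata
    return header + body

def validate_response(query, response, zone):
    """The sanity checks a resolver applies before caching a reply:
    transaction ID, QR flag, question-section echo, and bailiwick."""
    qid = struct.unpack("!H", query[:2])[0]
    rid, rflags, rqd, ran, rns, rar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid:
        return False, "transaction id mismatch"
    if not rflags & 0x8000:
        return False, "QR flag not set"
    if rqd != 1:
        return False, "unexpected question count"
    qname, qoff = parse_name(query, 12)
    rname, roff = parse_name(response, 12)
    # The reply must repeat our exact question (name, type and class).
    if (qname.lower(), query[qoff:qoff + 4]) != (rname.lower(), response[roff:roff + 4]):
        return False, "question section mismatch"
    zone = zone.lower().strip(".")
    off = roff + 4
    for _ in range(ran + rns + rar):
        name, off = parse_name(response, off)
        _, _, _, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        off += 10 + rdlen
        owner = name.lower()
        # Bailiwick: a server for example.com may not tell us about other zones.
        if owner != zone and not owner.endswith("." + zone):
            return False, f"out-of-bailiwick record for {name}"
    return True, "ok"

if __name__ == "__main__":
    q = build_query(0x1234, "www.example.com")
    good = build_response(0x1234, "www.example.com", [("www.example.com", "192.0.2.10")])
    poison = build_response(0x1234, "www.example.com",
                            [("www.example.com", "192.0.2.10"), ("mail.example.org", "192.0.2.66")])
    print(validate_response(q, good, "example.com"))    # (True, 'ok')
    print(validate_response(q, poison, "example.com"))  # (False, 'out-of-bailiwick record for mail.example.org')
```

These checks stop a reply that does not match the outstanding query or that smuggles in records for another zone; they do not prove the accepted reply is authentic, which is what the signatures the article describes add on top.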
Mitigating On-premise DDoS
On-premise DDoS mitigation should be focused around a well-documented incident response plan. After all, organisations will never be able to prevent attacks but they need to be able to demonstrate that they’ve followed a standard of care to protect customer data - similar to the malpractice field.
For this, organisations need to make themselves as unappealing to attackers as possible, reducing the criminals’ return on investment by raising the cost of an attack through strong encryption, distributed data sources, and compartmentalisation of customer data.
Disturbingly, DDoS attacks are powered by cheap tools that are openly sold online and are the easiest way to disable websites, often as a smokescreen whilst malware or a virus is installed. More frequently, they are being followed up with a ransom demand. These attacks fall into several types:
- Volumetric Attacks – saturation of a site’s bandwidth with high-volume traffic (UDP floods, ICMP floods, and other spoofed-packet floods)
- Protocol attacks – also known as state exhaustion attacks. These consume server resources or those of related communication equipment, like firewalls and load balancers (SYN floods, fragmented packet attacks, Ping of Death, and Smurf DDoS)
- Application Layer Attacks – these more surgical attacks aim to crash the web server (Slowloris, zero-day attacks, Windows or OpenBSD vulnerabilities, and attacks that target Apache) and are often masked as legitimate traffic.
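The three classes above leave different traces in traffic telemetry, and knowing which one is under way decides whether bandwidth scrubbing, connection-state protection or web-server tuning is the right response. The Python below is an added example, not code from the article or from Neustar: it buckets constructed per-flow records by second and labels each second with the class its traffic matches (bytes per second for volumetric floods, half-open SYNs from many sources for state exhaustion, and many connections holding an unfinished HTTP request for a Slowloris-style attack). The record format, the threshold constants and the sample traffic are all assumptions made for the example; real thresholds come from a site's own baseline.

```python
from collections import defaultdict

# Illustrative thresholds; in production derive them from observed baselines.
BYTES_PER_SEC = 1_000_000   # ~8 Mbit/s sustained within one second
SYN_FLOOD_SOURCES = 500     # distinct sources sending SYNs in one second
HALF_OPEN_RATIO = 0.10      # fraction of SYNs that ever complete a handshake
SLOW_REQUEST_COUNT = 200    # established connections with an unfinished request

def classify(flows):
    """Bucket flow records by second and label each second with the
    attack classes (volumetric, protocol, application) it matches."""
    by_second = defaultdict(list)
    for f in flows:
        by_second[f["t"]].append(f)
    verdicts = {}
    for t, recs in sorted(by_second.items()):
        labels = []
        # Volumetric: raw bytes per second, regardless of protocol.
        if sum(r["bytes"] for r in recs) > BYTES_PER_SEC:
            labels.append("volumetric")
        # Protocol / state exhaustion: many SYNs, few handshakes completed.
        syns = [r for r in recs if r["proto"] == "tcp" and r["flags"] == "S"]
        if syns:
            completed = sum(1 for r in syns if r["completed"])
            if len({r["src"] for r in syns}) > SYN_FLOOD_SOURCES \
                    and completed / len(syns) < HALF_OPEN_RATIO:
                labels.append("protocol")
        # Application layer: handshakes finish, but requests are never completed.
        slow = [r for r in recs if r["proto"] == "tcp" and r["dport"] in (80, 443)
                and r["completed"] and r["request_incomplete"]]
        if len(slow) > SLOW_REQUEST_COUNT:
            labels.append("application")
        verdicts[t] = labels
    return verdicts

def flow(t, proto, flags, dport, nbytes, src, completed=True, request_incomplete=False):
    return {"t": t, "proto": proto, "flags": flags, "dport": dport, "bytes": nbytes,
            "src": src, "completed": completed, "request_incomplete": request_incomplete}

def synthetic_flows():
    """Constructed sample: 8 seconds of baseline traffic with one attack
    class injected into each of seconds 5, 6 and 7 (documentation IP ranges)."""
    flows = []
    for t in range(8):                                   # legitimate baseline
        for i in range(20):
            flows.append(flow(t, "tcp", "S", 443, 60, f"198.51.100.{i}"))
    for i in range(3000):                                # t=5: UDP flood
        flows.append(flow(5, "udp", "", 53, 1400, f"203.0.113.{i % 250}"))
    for i in range(2000):                                # t=6: SYN flood, spoofed sources
        flows.append(flow(6, "tcp", "S", 443, 60, f"10.{i // 256}.{i % 256}.1", completed=False))
    for i in range(400):                                 # t=7: Slowloris-style held requests
        flows.append(flow(7, "tcp", "PA", 80, 200, f"192.0.2.{i % 200}", request_incomplete=True))
    return flows

if __name__ == "__main__":
    for second, labels in classify(synthetic_flows()).items():
        print(second, labels or "normal")
```

The point of separating the checks is that the three classes need different telemetry: byte counters alone see the UDP flood, but the SYN flood is only visible in connection-state ratios and the Slowloris pattern only at the HTTP layer, which is why hybrid protection that combines network scrubbing with on-premise appliances is recommended later in the article.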
Online brands should implement countermeasures with purpose-built DDoS protection—hybrid solutions are best, combining on-premises hardware and cloud-based traffic scrubbing.
It’s also important to ensure that there are measures and systems in place to detect a breach as early as possible, and that a response plan for attacks has been developed in advance. This includes everything from preparing public statements for customers and employees to regulatory and press notification processes.
Backing up website content and systems is also an important duty to be dealt with in advance, as is arranging alternative payment methods to mitigate a breach.
Finally, the response prepared needs to be rehearsed. The sooner the breaches are recognised and the faster the response process is enacted, the less damage is likely to result from it.
Identifying Authentication Fraud
Knowing whether purchase requests are legitimate or fraudulent could save your brand millions. During seasonal occasions or big sale periods, there’s indubitably an increase in consumers registering for shopping sites and applying online for credit. The internet is the perfect place for fraudsters trying to use someone else’s identity, as it combines anonymity, reach, and speed. E-tailers need to confirm on the spot whether a request is legitimate or based on stolen or fictitious identities. They can do this by quickly and accurately validating online purchasers’ information using a reputable fraud detection and data validation service.
The standard of care for dealing with cyberattacks is to implement “hybrid” DDoS protection. This involves both on-premises DDoS mitigation appliances along with services from DDoS protection providers who can help mitigate larger attacks.
Businesses rarely hold back when it comes to investment in CCTV, 24-hours security guards and specialist insurance policies to reduce losses and deter theft. They even accept the fact that criminals will steal from them someday and thus, put systems in place to help mitigate the damage when they fall victim. So, why should their attitude towards cyberspace be any different?
If companies thought about cybersecurity in the same way, they would realise that there is at least equal, if not greater, risk of cybercrime theft of both money and data (not to mention brand reputation!) and that putting systems in place sooner rather than later is important.
With the adoption of these protection measures, improvements won’t happen overnight but they could make a significant positive difference in the long-term. The online community in Asia needs to develop and incorporate a standard of care mechanism to raise the cost of an attack as a deterrent for opportunistic attackers.
Robin Schmitt is Neustar's Head of APAC for Security and MarketShare