Bryan Hamman, the Regional Director: Africa, at NETSCOUT writes about the importance of mitigating escalating DDoS cyberattacks for African businesses.
As cyberattacks – in particular those of the Distributed Denial of Services (DDoS) variety – continue to rise at an unprecedented rate across Africa, it is no longer a question of ‘if’ your organisation will be targeted, but rather ‘when’. In fact, as recently as July and August this year, businesses across African countries such as Kenya, Nigeria and South Africa have all suffered the dire consequences of these incidents.
What is a DDoS attack?
A DDoS attack is an attempt to exhaust the resources available to an organisation’s network, systems, applications, content or services by bombarding it with fake traffic, meaning that genuine users are then unable to gain access. This type of attack is incredibly damaging to any business dependent on the internet to be able to function and, as we’ve seen in recent weeks across Africa, can affect organisations across every sector – from government to financial services, the media, telecommunications providers and more.
A business’s inability to withstand an attack and effectively and rapidly recover can be detrimental in multiple ways, with aftereffects including loss of revenue due to service downtime, compliance failures, negative impacts on brand reputation and public perception, as well as increased costs.
DDoS attacks are taking place continuously all over the globe, and so-called ‘bad actors’ are relentlessly improving their attack methods. This means that the ability of an organisation to maintain its availability and resilience in the face of an attack has become more important than ever before. A vital part of this is understanding the facts, risks and latest trends around them.Bryan Hamman, Regional Director: Africa, NETSCOUT
Four must-know facts about DDoS attacks
Fact one: Your cybersecurity solution might not cover all types of cyberattacks
Businesses may well have viruses and malware attacks covered but, as a type of attack that aims to overwhelm networks or servers with fake traffic, they must ask the question: “Do we have the right defences in place for something more sophisticated, like DDoS, that may not be classed as a ‘typical’ cyberattack?”
Fact two: Today’s DDoS attacks are becoming increasingly complex
At present, there are three main types of DDoS attacks:
· Volumetric attacks – designed to flood internet-facing circuits with illegitimate traffic, which might be easy to detect when larger. However, most volumetric attacks are under one gigabit per second in size and last for only a few minutes.
· State Exhaustion attacks – these aim to fill state tables in stateful devices, such as firewalls, VPN concentrators or load balancers, with illegitimate TCP connections. When these state tables fill, legitimate connects cease and the services behind these devices are no longer available – thus denying service.
· Application Layer attacks – these are much smaller sized, very hard to detect, and will slowly exhaust resources in application servers. When these application layer resources are exhausted, the application stops.
Fact three: ISPs will not be able to stop all DDoS attacks
An internet service provider (ISP) may be able to bring a larger volumetric attack to a halt, but it’s unlikely it will be able to detect those that are smaller and short-lived. The ISP will also probably struggle to identify State Exhaustion and Application Layer attacks before the damage is done.
Fact four: Having a firewall in place is not enough
There are several reasons why an organisation should not rely on firewalls alone. For instance, they offer only rudimentary DDoS attack protection, which impacts on the performance of more important functionality. A firewall will also not provide detailed visibility into dropped DDoS attack traffic, and has no way to intelligently communicate with a cloud-based scrubber solution for mitigation of large DDoS attacks.
Change and adapt… or suffer the consequences
It’s clear that organisations need to constantly refine their cyberdefence strategies to ensure that they are able to stop most attacks. Threat actors are persistently adapting their tactics, and as they cleverly up their game of attack, so too must smart defenders improve their defence positioning.Bryan Hamman, Regional Director: Africa, NETSCOUT
For African organisations of all sizes and across every sector, learning how to choose the right approach and solution for adaptive DDoS protection – one that meets your unique needs, aligns to the realities of modern attacks, and is built on industry-best practices and sophisticated solutions – is critical in order to ensure continued survival within the eye of the DDoS storm.