Last Christmas, as gamers around the world were excitedly trying out their new systems, a different type of gamer was preparing an attack that would take both Sony’s PlayStation Network and Microsoft’s Xbox Live services out of commission for days. As disappointed as millions of gamers were over not being able to play, the tech world had to face up to a much more serious problem: just how easy it is to launch a distributed denial-of-service (DDoS) attack.
A DDoS attack amounts to flooding a server with so much useless information that it can’t process it all, and it doesn’t take expert hacking skills to pull it off. There are even free tools that will do it for you; all you have to do is type in a URL, sit back, put your feet up, and watch the site go down. While giants like Microsoft and Sony are usually a little too sophisticated to be humbled by the free tools, they’re far from impervious – as we all learned Christmas Day.
Why Sony and Microsoft? Most experts believe that the attack was a form of social protest. It’s an effective way to get attention, and it’s a lot more comfortable than parading around outside waving a placard. And, while protesting outside of company headquarters may annoy employees and garner media attention, those protests typically have little effect on the end users of a company’s products. A DDoS attack goes straight to the people who are inconvenienced the most – and the ones who will speak the loudest when it comes to demanding change.
But you don’t have to be Sony or Microsoft to become a target of “protest via DDoS.” An unhappy customer, a disgruntled employee, a negative story in the local news, even a false rumor on social media can bring a DDoS attack right to your doorstep. Whereas attending a physical protest can be time-consuming and inconvenient, setting up a DDoS attack is an easy way for hackers to make a statement while boosting their street bonafides.
The end result is a very low barrier to entry and a huge perceived payout. From the hacker’s perspective, there’s little reason not to do it. That means companies large and small have to spend time and resources defending themselves, and many of them can’t afford to hire the in-house talent it takes to stay on top of this constantly-changing threat. Many turn to outside service providers, who have the advantage of being able to focus solely on preventing DDoS attacks. Security providers can offer round-the-clock emergency services, so that if your servers do come under attack, you can be up and running again as quickly as possible.
Whether you decide to keep things in-house or to hire outside experts, one thing is clear: No company is too big, and no company is too small. Cyber security must therefore be a top priority for all businesses.
###
