An executive of American technology company Neustar Inc. advises Philippine companies to prepare for the so-called distributed denial-of service or DDOS attack, a cyber-attack where the perpetrator aims to consume network and computing resources connected to the internet, making the effected internet resources unavailable to the intended users.
“Worryingly DDoS attacks show no sign of slowing down, with new incidents making headline news almost daily. Major attacks within the Philippines include the DDoS attack on the Philippine government websites in July 2016, impacting government operations and more recently, the DDoS attack on the National Union of Journalist of the Philippines in January 2017, which took down the NUJP website,” says Robin Schmitt, general manager of Neustar in Asia-Pacific.
Typically, the attack is conducted by flooding the targeted resource with a huge number of requests to overload the network and computer systems. In a DDoS attack, the incoming traffic flooding originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.
Attackers threaten an organization with a massive volumetric attack unless they pay a ransom.
“Companies need to realize that DDoS attacks are no longer ‘just an IT problem’. From IT, customer service to marketing, no business unit is safe from the effects of cyber-attack. When an attack hits, it reverberates throughout the enterprise, and when it is successful, it indiscriminately affects the bottom line,” Schmitt says in an email interview.
According to IDC, digital transformation of companies in the Philippines will see 25 percent of the top 1,000 companies have a majority of their business depend on the ability to create digitally enhanced products, services and experiences by 2020.
“However, the opportunity digital transformation affords also poses significant security challenges. Cybersecurity will increasingly be elevated to a tier-1 business priority. Enterprises must realize that in the world of cyber security, having the wrong solution or inadequate capabilities can be the difference between reading the news and making the news,” says Schmitt, who served as chief operating officer of Bombora Technologies for five years, before it was acquired by Neustar. Schmitt joined the Neustar team in August 2015.
According to Neustar Worldwide DDoS Attacks and Cyber Insights Research, DDoS attacks have dealt a serious blow to businesses in Asia-Pacific, with 33 percent of organizations reporting an average revenue loss of $250,000. “For the Philippines, this number is expected to rise as commitments to expand the national LTE [long-term evolution] coverage coupled with the rising adoption of unsecured IoT [internet of things] devices present threat agents with a greater attack surface for more sophisticated hacking. It is crucial to highlight that the size, complexity and ferocity of DDoS attacks has been growing and will continue to grow,” says Schmitt.
Results of the recent Neustar Worldwide DDoS Attacks and Cyber Insights Research Report show that more than 80 percent of surveyed organizations globally have been attacked at least once in the previous 12 months, representing an increase of 15 percent since 2016. Furthermore, 85 percent of those attacked were hit more than once.
“Worryingly, despite knowing the threats, companies are still struggling to detect and respond to DDoS attacks effectively and efficiently. In APAC, 49 percent of organizations need over three hours to detect a DDoS attack and an extra three hours to respond to one. To bring this into perspective, ideally, companies should expect to identify and mitigate an attack in less than 10 minutes,” he says.
Schmitt says implementing solutions before a breach occurs is the best way to manage the risk.
“As the cyber security landscape is constantly evolving, solutions must also constantly adapt to anticipate attackers’ modus operandi,” he says.
“Selecting a solution that matches the level of risk is critical. Implementing a solution that doesn’t provide adequate protection may lead to unforeseen losses when an attack occurs, while implementing an over-sized DDoS mitigation solution may be unnecessarily expensive. There are many different solutions on the market. It is advisable for companies to partner with an organization that provides the flexibility to fit a solution to the businesses technical environment and level of risk,” he says.
“With proper management and the right partners, businesses can protect their digital assets and avoid unnecessary financial and reputational loss,” says Schmitt.