Over the past few years, the scale of distributed denial of service (DDoS) attacks has become steadily larger, and defences have grown commensurately. Cyber security has become a game of cat and mouse in which neither side has become too powerful, but this might be about to change. Deloitte predicts that in 2017, DDoS attacks will become larger in scale, harder to mitigate and more frequent.
The Technology, Media and Telecommunications Predictions Report indicated that there is expected to be on a average a 1 TBps attack every month during the year, over ten million attacks in total and an average attack size of between 1.25 and 1.5 GBps of junk data being sent. The report also noted that an unmitigated 1 GBps attack would be sufficient to take many organizations offline. As a point of reference, the largest attacks in 2013-2015 were respectively 300, 400 and 500 GBps, while 2016 witnessed the first two 1 TBps attacks.
The anticipated escalation in the DDoS threat is primarily down to three concurrent trends. There is an increasing number of Internet of Things devices that are usually easier to incorporate into botnets than better protected PCs, tablets and smartphones. There is an increasing availability of malware technologies that allow relatively unskilled attackers to launch attacks. Finally the availability of even higher bandwidth speeds means that each compromised botnet can now send a lot more junk data than ever before.
With websites being of such vital importance to many organizations, losing that website, even for a short period of time, can be severely damaging and could result in lost business. It is perhaps no surprise that business continuity professionals consider cyber attack to be their number one concern according to the latest Horizon Scan Report published by the Business Continuity Institute.
Phill Everson, Deloitte UK’s head of cyber risk services, said: “A distributed denial of service (DDoS) attack aims to make a website or connected device inaccessible. DDoS attacks are the equivalent of hundreds of thousands of fake customers converging on a traditional shop at the same time. The shop struggles to identify genuine customers and quickly becomes overwhelmed. The consequence could see an online commerce site temporarily unable to transact, or a government site not able to process tax returns, for example.”
“Businesses of all sizes should acknowledge the growing DDoS threat and consider how best to handle attacks of these magnitudes.”