Close

Personalise the Gen-i website

You can change these settings to personalise the Gen-i website experience to your needs. Settings are saved to browser cookies.

Your location

We use your current location to help personalise the contact info we show you

Glossary popups

The Gen-i glossary popups help provide information on abbreviations and jargon used on the site

Layout

You can set the site to always use the tile or list layout, or the default mode.

DDoS attacks – the new norm?

These days you don't have to be a government agency, bank or right-wing website like Whaleoil to be concerned about becoming the target of a Distributed Denial of Service (DDoS) attack. 

The hackers who carry out these costly shutdowns are getting stealthier and more ferocious, and organisations across all industries need to get prepared.

According to NSFOCUS, a major DDoS event broke out every two days on average during the first half of 2013 and about two-thirds of victims suffered more than one attack.

So just what is a DDoS attack? It’s an attempt by an attacker to make an online service unavailable to genuine users by overwhelming it with traffic from multiple sources.  

Unlike a Denial of Service (DoS) attack, where an attack comes from a single host, a DDoS attack uses many compromised systems - sometimes thousands - to simultaneously launch attacks against a target site. 

It results in an overload of computing resources as servers try to handle the flood of incoming messages and, at its worst, can affect entire networks connected to the computer being attacked.  To legitimate users trying to access a targeted website, it may show up as slow performance, with files or pages opening at snail speed, or the site will be completely offline. 

I often get asked who should be most concerned.  Hackers do not discriminate by size and any organisation can become a target either directly or indirectly, ranging from banks and government agencies, through to news websites and private businesses.

DDoS attacks are increasingly being carried out as cyber terrorism and organised crime, making sites unavailable for political gain or to demand a payment before the attack is stopped.  These attacks rarely hit the media as few organisations want to publicise a security breach. 

In New Zealand, high profile hacktivism attacks have included the online activist group Anonymous threatening our government to protest the actions of the GCSB.  More recently, Whaleoil was stranded for many days when unidentified cyber assailants attacked the site.

Attacks can have a long-lasting impact beyond the shutdown of services for a period of time.  Every minute of downtime for a business site can equal thousands of dollars in lost revenues.  And security incidents often have a negative effect on business operations, resulting in significant opex costs, loss of customer trust and erosion in brand reputation.  There are also legal and regulatory obligations as part of business continuity planning.

So what should you do to protect yourself from the DDoS threat?  Traditional security products are not designed for today’s complex DDoS threats as many provide protection on site. That means that by the time an attack is detected, it is already using up internet bandwidth and process power and disrupting legitimate business transactions.

And buying more bandwidth and processing power may not help as the attacker can simply add more attack machines. 

If doing business online is important to you, you’ll need an ICT partner that proactively mitigates risks by working with companies to monitor international gateways, detect and prevent attacks at source without disrupting normal business transactions.  

Gen-i has a Managed DDoS Protection service and has joined Abor Networks’ Cloud Signalling Coalition (CSC) to help further reduce time-to-mitigation for dynamic threats facing our client’s networks.

You can’t afford to disregard DDoS attacks. The risk is too severe.

Blog by:
Ling Hou, Business Manager - Security

View all posts by this author See full bio
Close

I lead the Security Product Portfolio in Gen-i, delivering a range of cloud and managed security services to securely enable our clients’ businesses. My job is to understand the threats facing our clients, overall market trends and then bring to market effective security products so our clients can focus on what matters to them. I also look after Network for Learning, Telecom’s secure internet services for schools that are safe, easy, relevant and affordable.

When I’m not at work, I like to go  mountain biking, but more likely I’ll be hanging out with my young kids at playgrounds fine tuning my (small) people management skills.

Hide

Comments (0)

Join the conversation

Did you know you can direct your comment to a specific paragraph just by clicking on that paragraph in the blog?

cancel