Somehow, though, that idea of being prepared has gotten lost when it comes to corporate IT departments – arguably one of the most high-risk environments there is. Virtually speaking, it’s right up there with, say, Kandahar, or rebel-controlled Syria. But the idea of practicing what to do in the event of a breach or cyber-attack has been largely missing from security plans, with most recovery efforts being purely reactive.
NCC Group, the global information assurance firm, is aiming to bring the idea of a fire drill to the IT security sector with the DDoS Assured simulation service. Through it, businesses can test their response procedures in the face of a real distributed denial-of-service (DDoS) attack.
The drill involves hitting the customer with a controlled, low-level DDoS attack, allowing employees to practice their roles and responsibilities in an attack scenario.
While NCC Group controls the attack, companies can examine staff reaction and ensure procedures are in place to manage not only the assault itself, but also discourse with affected customers and the supply chain.
“Unlike other more subtle cyber threats, the consequences of a DDoS attack are immediate, so organizations must be ready to respond instantly in order to minimize disruption,” the company said. “The fire drill service is quick and simple to set up, and ensures all employees are aware of the potential dangers and know exactly what's required once an attack starts.”
Indeed, DDoS attacks have become increasingly prevalent...and expensive.
IBM found recently that 2012 saw an enormous increase in DDoS traffic volumes, with attacks using up to 60–70Gbps of data, driven by compromised, round-the-clock, higher-bandwidth web servers instead of PCs. The attackers, in short, are modifying their tactics to increase sophistication. Hacktivists have also selected DDoS as their weapon of choice, and the ready availability of exploit toolkits such as “itsnoproblembro” provides upgraded technology to even rank-and-file antagonists.
The attacks are poised to get even bigger, if the March attack on Spamhaus is any indication. Spamhaus, an IP blacklisting service, was under a DDoS attack for a week. Attack traffic was rated at up to 300Gbps – three times higher than the previous record, and six times greater than the typical attack recently targeting US banks.
It’s not cheap to recover from, either. According to a report from Solutionary, organizations are spending a staggering amount of money in the aftermath of a DDoS attack: as much as $6,500 per hour.
“Being prepared and ready is paramount when it comes to any emergency, and cyber security is no different,” said Paul Vlissidis, technical director at NCC Group. “An effective response to a DDoS attack hinges on educating and preparing staff, and there's simply no substitute for practice.”
He added, “Organizations regularly undertake dry runs of emergency procedures to ensure they know what to do when disaster strikes. DDoS attacks should be added to that list.”