The October DDoS attack on Dyn showed the world how truly vulnerable and fragile our network infrastructures can be.
“It can’t happen here.” These are some of the most dangerous words business owners utter when it comes to their company’s IT system.
CSO Online highlighted this point in a recent article that urged people to anticipate new IT dangers and prepare for them even when they still seem remote. Along with malicious cyber attacks, companies face the danger of other emergencies, such as malfunctioning devices and massive network failures.
One example: The October 2016 DDoS attack
The article mentions a cyber attack that led to a massive Internet outage this past October, denying consistent access to major sites such as Twitter, Amazon, and Netflix.
The attack, which came in waves over a span of close to 12 hours, hit an Internet services company. It was a Distributed Denial of Service (DDoS) attack that used millions of Internet-connected devices, including security cameras, to send unsustainable amounts of traffic to the targeted company’s servers.
What are some of the lessons we can take from this attack?
- Scant protection for Internet-connected devices can cause serious problems. Cyber criminals used a malware program to infect the devices and control them, allowing the DDoS attack to launch in a massive way from numerous systems. These devices generally had deficient protection against malware. For example, they may not have had strong passwords or firewalls, and they may have remained completely open to the public Internet. If a device is left with poor defenses, it can get exploited for nefarious purposes. That’s why it’s critical to choose the best devices, configure them properly, and monitor their activity. Understand the vulnerabilities of each device, and introduce it to your network only as needed.
- Attacks can come from anywhere and for many reasons. There’s a misconception that cyber attacks get carried out only by computer experts. The reality is that even people without much training can use relatively simple programs or buy services from a shady entity to perpetrate cyber crimes. In this recent DDoS attack, the malware program that infected the Internet-connected devices was straightforward to use; it didn’t demand a high level of skill. Another point to consider is that attacks may stem from a range of motives. The usual ones involve stealing sensitive data for financial purposes. But there are potentially other reasons as well, including vengeance and political protests. It won’t always be clear why you’re under attack or what the cyber criminals want.
- Monitoring for unusual network activity is critical. It isn’t possible to anticipate or fully block every single attack that may come your way. However, the proactive monitoring of network infrastructure and activity can still give you a warning that something is wrong. The sooner you detect a problem, the more likely you are to either thwart it completely or mitigate its effects. You’re less likely to get blindsided and have to scramble unprepared for a solution. Even if an attack gets launched on a massive scale, like the DDoS attack in October, proactive monitoring and organized defenses may still curb some of the worst effects. You’ll be able to regroup more quickly and reduce the amount of downtime you experience.
Protecting your network can seem like a daunting task, and in many ways it is. Unfortunately there isn’t any one protection that works 100% of the time. However, there are still effective measures for preventing or limiting cyber crimes and other IT emergencies. Monitoring your network round-the-clock is one of the best decisions you can make to protect your company.
Don’t hesitate to contact us to further discuss our network monitoring services. Unlike a purely reactive attitude, which results in a costly lack of preparedness, a proactive approach for your IT activities will save you money and unnecessary frustration. It will decrease the chances that you’ll suffer from protracted downtime and suffer serious damage to your system.