If there is one word that can summarize what is most important for modern businesses to function in today’s times, it would be the above. In fact, it can well be considered the lifeblood of any business today. Look around at any business around you, their dependency on services, applications and websites is huge and almost irreplaceable.
And that is exactly why DDoS attacks are so damaging. They attack and unsettle the connectivity that a business relies on for its day to day functions. This makes DDoS attacks a serious danger to business continuity. And while most are aware of the immediate effects of a DDoS attack, there is insufficient understanding about how deep the damage can go. To add to that, most anti DDoS protection strategies and plans are designed without adequate grasp of the unseen effects of DDoS attacks.
Public facing losses
In the immediate aftermath of an attack, a company’s energies tend to be focused on getting its online presence back to how it was. What doesn’t get enough attention is the loss of customers the company faces because of the attack.
A terribly performing or unavailable website, self-help page, help desks, or any other poorly-performing service that faces the customer directly is only the beginning. Your customers can be drawn away by your competitors in the blink of an eye. Do you realize the lifetime worth of these lost customers or how much you’d be required to spend in order to retain them or, god forbid, win them back?
Sure, you can enact a number of customer confidence building exercises like offering rebates, coupons and other enticements but there is a cost attached to them as well. Moreover, can the exact cost to the company’s reputation and brand value caused by service unavailability or poor performance be established?
Non-public facing losses
Loss of customer confidence aside, there is also the damage wrought upon your internal applications and services, and those belonging to your associates. The foundation of modern business is built upon a vast server network that provides critical services.
Even if a DDoS attack is unable to disrupt traffic to and from your server, your application layer may not be as lucky and can be attacked relentlessly in order to bring down your server. In such a scenario, the fall of even one server can have a ripple effect that causes the downfall of your entire back end system.
At the retail level, your POS (point of sale) system can find itself unable to communicate with the inventory database or the discount data, both of which can hamper sales at the store level. The consequences of the back end system failing are even more serious for manufacturers; it can prevent suppliers from ordering parts which means your products won’t get built. Financial analysts will not be able to access sales data and current revenue which can make closing books tough, if not impossible. Your resources on the field will behindered in their efforts to provide on-site service as they will be unable to access customer service history and other account specific information.
Other pain points
As has been said before, a DDoS attack has the potential to disrupt your business at multiple levels. That is why you should design a DDoS protection plan only after exploring and studying every channel and method that can be used to deliver attacks on your server. And needless to say, the cost aspect has to be the most important metric here after data integrity. Some important questions that your protection and mitigation plan should account for include,
- How many of your IT people would be called upon to mitigate a DDoS attack and its aftereffects? How will this affect your regular wage bill?
- Would you need to hire extra personnel to deal with the attack? If yes, how much is it going to cost?
- What will be the loss incurred by redirecting all resources to regrouping after the attack instead of having them do their actual jobs?
- How many help desk calls are you likely to receive and what will the cost be per call?
- How much will it cost to restore operations?
- Will the restoring process need a reconfiguring of components andaddition of extra capacity; even if only temporary? If yes, how much will it cost?
- Will there be any kind of data loss? If yes, can the lost data be rebuilt? If yes, how much will it cost?
The changing face of DDoS attacks
We all know how irreversibly dependent businesses are on being connected all the time. That has led to attacks becoming more dynamic, innovative and consequential. To cite an example, the use of common protocols like DNS, NTP and SSDP, and inadequately secured servers to amplify or reflect attacks has enabled DDoS attacks to reach never before seen sizes. Such large DDoS attacks can severely hamper the functioning of common components like switches and routers. To make matters worse, load balancers, ADCs and even IPS and firewalls have only limited DDoS protection capabilities. They fall short by a long margin when it comes to offering comprehensive DDoS mitigation.
To sum it up, when you make an attempt to quantify the consequences of a deadly DDoS attack, you must think in broader terms about those consequences and the defenses you’ll need to counter them.
