Page 235 - Cyber Defense eMagazine Annual RSA Edition for 2024
While there are many types of cyberattacks, distributed denial-of-service (DDoS) attacks, where cybercriminals attempt to overwhelm and disrupt a target’s network or server, can be especially difficult to protect against without the proper solution in place. And while nothing beats a strong defense, there are other concrete actions that CFOs can undertake to ensure their companies aren’t making headlines for the wrong reasons.
Forewarned is forearmed. In order to fully understand how to defend against a DDoS attack, it’s imperative that CFOs first understand the threat itself and their companies’ risks. This means analyzing the impact not just of a direct attack but of one directed at a partner or provider in your supply chain. What would happen to your company, for instance, if your website came under attack? How long could your website be down? How would this impact employees’ ability to work, and are there workarounds? What would that cost? The answers might be more straightforward when considering a direct hit to your enterprise systems, but what happens in the event your ISP is the target? Whereas most ISPs are protected against volumetric attacks, are they able to defend against carpet-bomb attacks, which spread malicious attack traffic over a wide range of IP addresses? What, if any, is your recourse? In order to fully and accurately determine your company’s risk, these are all questions that need to be answered.
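The carpet-bomb question above has a concrete detection angle: a mitigation that triggers on traffic to a single destination IP will not fire when the same volume is spread thinly across a whole customer /24. The following Python example is added here and is not from the magazine article; it aggregates constructed flow rates per destination and per prefix to show the difference, and the thresholds, addresses and rates are assumed sample values.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample: (destination IP, megabits per second) summed from flow
# records over one interval. Documentation address ranges only; not real traffic.
SAMPLE_FLOWS = (
    # A direct volumetric hit on a single web server.
    [("198.51.100.10", 5000.0)]
    # Carpet-bomb: a modest 200 Mbps to every host in a customer /24.
    + [(f"203.0.113.{host}", 200.0) for host in range(1, 255)]
    # Normal background traffic to a handful of hosts.
    + [("192.0.2.20", 40.0), ("192.0.2.21", 12.5), ("203.0.113.7", 3.0)]
)

PER_IP_THRESHOLD_MBPS = 1000.0      # assumed per-destination trigger (1 Gbps)
PER_PREFIX_THRESHOLD_MBPS = 2000.0  # assumed trigger for an aggregated /24


def rate_per_destination(flows):
    """Sum the rate by exact destination IP (the classic per-victim view)."""
    totals = defaultdict(float)
    for dst, mbps in flows:
        totals[ip_address(dst)] += mbps
    return totals


def rate_per_prefix(flows, prefix_len=24):
    """Sum the rate by enclosing prefix so spread-out traffic is seen as a whole."""
    totals = defaultdict(float)
    for dst, mbps in flows:
        net = ip_network(f"{dst}/{prefix_len}", strict=False)
        totals[net] += mbps
    return totals


def per_ip_alerts(flows, threshold=PER_IP_THRESHOLD_MBPS):
    """Destinations whose individual rate crosses the per-IP threshold."""
    return {str(ip) for ip, mbps in rate_per_destination(flows).items() if mbps >= threshold}


def per_prefix_alerts(flows, threshold=PER_PREFIX_THRESHOLD_MBPS, prefix_len=24):
    """Prefixes whose aggregate rate crosses the per-prefix threshold."""
    return {str(net) for net, mbps in rate_per_prefix(flows, prefix_len).items() if mbps >= threshold}


if __name__ == "__main__":
    print("per-IP alerts:    ", sorted(per_ip_alerts(SAMPLE_FLOWS)))      # only the direct hit
    print("per-prefix alerts:", sorted(per_prefix_alerts(SAMPLE_FLOWS)))  # direct hit plus the carpet-bombed /24
```

The per-IP view sees only the single-server attack, while the /24 view also surfaces the roughly 50 Gbps landing on the carpet-bombed range, which is the question to put to an ISP: at what aggregation level do its triggers operate?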
Penny wise, pound foolish. When faced with challenging economic headwinds, reducing your security department’s budget might seem like an easy fix. After all, your company might not yet have experienced a cyberattack (with the emphasis on “yet”). Attacks are much more frequent than many realize, and for most, becoming a victim of a cyberattack is really just a matter of time. Downtime from a DDoS attack can quickly translate into lost revenue, and not just for traditional e-commerce websites but for any organization that delivers online transactions or services. Even as companies look to tighten their belts, ensuring a strong security posture is a must. Cutting the budget here could potentially cost 100-fold as much down the line if you are the victim of an attack.
Hand-in-glove. CFOs must work closely with their organization’s IT operations and security teams to understand their DDoS exposure risk, potential liabilities, and mitigating actions. Only by developing and working closely with a cross-departmental team can CFOs gain the necessary insight into their existing network infrastructure, identify areas that make the company more vulnerable to DDoS attacks, and allocate resources accordingly. It’s also important that CFOs understand the legal and financial consequences associated with DDoS attacks, whether it’s broken SLAs and customer agreements or an inadvertent violation of regulatory requirements. Close collaboration with IT and security teams will help them assess their liabilities and the corresponding financial impact, and ultimately, effectively manage risk. Moreover, CFOs should have a working knowledge of what’s needed in terms of infrastructure, technology, and personnel in order to effectively mitigate DDoS attacks’ impact.
Every day you write the (training) book. Ensuring that staff are familiar with the warning signs of DDoS attacks might seem elementary, but all too often staff outside the IT department are overlooked when it comes to security training. In reality, all employees play a vital role in maintaining their company’s cybersecurity posture and should be considered the first line of defense against a range of cyber threats, including DDoS. Comprehensive training programs serve not only to arm employees with security best practices that reduce the likelihood that their own computer will become a vector for a DDoS bot, but ultimately lead to a team that is attuned to cybersecurity risks and warning signs.