The COVID-19 pandemic has kept enterprises and their IT teams busy finding quick and effective ways to run their business while protecting their customers, partners and employees. Where some industries have been heavily impacted, others are striving and making every effort to maintain business continuity and not let this pandemic effect their services.
Network, video conferencing, OTT services, online medical consultation, hospital connectivity and communication – these critical services have never been more important than they are today – enabling businesses and essential services to function at a crucial time as people around the world try to find a semblance of normalcy through technology.
Protect what matters
Most governments have mandated organisations to have their employees work from home. There is a large section of employees across the world who now need virtual access to their corporate network and corporate assets to be able to do their jobs. But the reality is, many enterprises don’t have basic perimeter security in place such as protection against Distributed Denial of Service (DDoS) attacks.
“DDoS attacks are a threat to all web-facing setups. And currently, that includes pretty much every way of working.”
Hackers have spotted their chance
Attackers are taking every opportunity to run DDOS ransomware attacks and/or DDOS attacks to overwhelm an organisation’s traffic and services, targeting critical workloads with the intent to disrupt operations across key industries like healthcare, government, BFSI and IT/ITeS enterprises. A DDoS attack against an organisation is relatively easy to start and experts have estimated that running an attack can cost as little as $18 an hour using a cloud-based botnet of 1,000 desktops. On the other hand, for the organisation, a targeted DDoS against them can cost them up to thousands or millions of dollars.
Europol describes DDoS as “an accessible type of crime with limited barriers to entry because it is cheap and readily available”. As per a new report from Europol, we will see an increase in DDoS attacks during this pandemic period.
In the past month alone, there have been significant DDoS attacks on government bodies in the US and Australia and on hospitals in France and the Czech Republic. Clearly, no one is spared. The US Department of Health and Human Service (HHS) was hit with a massive DDoS attack. Hospitals in France and the Czech Republic – including those responsible for COVID-19 testing – were targeted by DDoS attacks which disrupted hospital systems. The Australian government announced that its online services portal, myGov, faced a significant DDoS attack which prevented users from accessing it for several hours. A food delivery service in Germany faced a bitcoin ransom attack which prevented it from providing food delivery services to people unable to go out.
Enterprises aren’t safe either as these attackers are well aware of the importance of maintaining services during this time and know when best to attack and demand ransom. As work-from-home measures and lockdowns continue globally in response to COVID-19, the cybersecurity situation may well worsen.
In this COVID-19 world, there are new realities that IT teams need to understand before preparing to deal with these DDoS attacks:
“The fact that many of the systems being targeted are critical and their outages can lead to losses, some of which can be irreversible, it is important that we stand our best guard.”
So, what’s the best defence?
Here are few tips for you to stay safe:
Are you prepared?
Many enterprises are quickly realising that while they may be behind the curve when it comes to remote preparedness, now is the time to act and address vulnerabilities in their security. Whether it’s achieved through internal resources or in partnership with a managed security services provider, those companies that tighten up their perimeters before it’s too late are the ones who will fare best in the coming weeks and months of this fast-developing situation.
Cyber security analysts at Tata Communications have released a special advisory report on the COVID-19 cyber threats. Click on the link to know more about the threats facing organisations during this period and get recommendations on how to prevent criminals from getting access to your organisation.