Distributed denial of service (DDoS) attacks flood organisations’ servers with more requests than they can handle, preventing their sites from functioning efficiently, or in some cases, functioning at all. They have crashed the sites of organisations including the UK’s Serious Organised Crime Agency, and an estimated two thirds are used either to make an ideological or political statement, or simply as a form of digital vandalism.
Despite their ease of execution, the fallout from a successful DDoS attack can be significant. The short-term effects are clear, damaging customer service and losing online revenue – but the lingering impact can affect share price, company reputation and customer retention.
To mitigate the risk of these damaging attacks, NCC Group has combined IT security expertise with its load testing and web performance specialisms, creating a service that emulates a DDoS attack in a secure, controlled environment. This ascertains how a company’s IT security systems respond under attack, with NCC Group making security recommendations based on the results. The simulation currently focuses on application layerattacks, which some mitigation services claim are responsible for over 85% of DDoS attacks.
Paul Vlissidis, technical director at NCC Group comments: “The full impact of a DDoS attack has been widely reported due to a number of high-profile cases. As awareness of a potential attack has grown, many companies have wisely invested in mitigation services. But these services are potentially useless if they’re not tested – and tested by an independent third party. It’s like investing in an insurance policy without confirming you have the correct coverage in place.
“A fully tested mitigation service will minimise any downtime as well as reassure risk managers that they have reduced the potential impact of a cyber attack.”