Cybercrime – the potential cost to your company’s reputation; by Jeff Smith, Senior Director, Product Management, Level 3 Communications, an exhibitor at Infosecurity Europe 2013.
Reputation tends to be an organisation’s biggest asset, and in today’s online world this is truer than ever. Virtually any business with an Internet presence – from e-commerce vendors to financial services brands and entertainment platforms – trades strongly on the strength of its reputation.
The problem is, cyber criminals know this. In fact, according to The Cost of Cyber Crime report* published by the UK Government, UK businesses lose £21 billion every year to cybercrime.
A distributed denial-of-service (DDoS) attack instigated by cyber criminals can bring a company’s website to a halt, preventing genuine customers from accessing pages, making transactions and payments, watching online videos or undertaking normal day-to-day online activities.
The knock-on effect from this is further amplified by today’s social media savvy users who tend to spread negative commentary about website downtime and slow content, potentially damaging a company’s reputation.
The end result can be every brand manager’s nightmare – and market share can be lost to competitors.
The impact can also be financial. DDoS attacks can cost a vast amount of time and money, not only through loss of business, but also through consuming an IT department’s manpower and technology resources. Cyber criminals benefit because they can hold customers’ Internet connections hostage for payment, or because so-called “Hacktovists” can attempt to tear down a website infrastructure as a protest against something.
Such attacks are also becoming more advanced and powerful. According to recent research by Prolexic**, the average attack is now at the 20GBps mark. This is significant because only large companies with ‘heavy-duty’, high-capacity networks can sustain an attack of that scale. Attacks are also becoming multi-layered, using a combination of attack vectors, all of which are designed to outwit a company’s online defence systems.
Website downtime, or sites slowing to a crawl because of nefarious traffic, can also cause significant impact on the value of a brand. The effect of such attacks can be several layers of management bearing down on an IT Department.
With cyber threats constantly changing in form, volume, timing, and points of origin, many organisations simply do not have the budget to hire the expertise to manage these dynamics, as well as focus on their core business activities.
The current economic climate does not help. With budgets under pressure and resources squeezed, more is expected to be achieved with less, so preparing for DDoS attacks is often seen as a ‘nice to have’, rather than as a critical investment. However, this need not be the case – preparing for a DDoS attack can deliver real ROI in terms of averting crisis.
The problem is, preparing for unquantifiable future cyber threats often comes second to activities that proactively generate revenues. However, it is Level 3’s experience that when a DDoS attack does strike, those who have prepared will not only foil cybercriminal attempts, but also potentially reap rewards as both revenues and brand value can be protected.
Detecting and mitigating DDoS attacks requires insight, expertise and specialised resources. Most enterprises — and many service providers — simply do not have the broad network capabilities and overview to effectively manage cyber security risks.
With network-based DDoS Mitigation services, organisations can benefit from the infrastructure, network visibility and security expertise needed to help protect their assets against malicious assaults. With network ‘early warning’ alerts, organisations can react to cyber threats – before they impact the reputation of their businesses. Visit www.level3.com
(*Source: The Cabinet Office)
(**Source: Prolexic ‘Q3 2012 DDoS Attack Report’)
Cyberspace is inextricably woven throughout the fabric of society. It extends from the public Internet, through both wired and wireless telecommunications networks, and into every home and business that uses digital voice, video and data. Treating the security of cyberspace separately from the physical world can be misleading, particularly considering the range of critical infrastructure applications such as transport, energy distribution, and finance that require digital communications. Because it is ubiquitous, cyberspace is vulnerable to attacks by malicious parties from anywhere around the world. Ensuring cybersecurity is essential for society because the costs of ignoring it are too high.
Also, due to the evolving sophistication of attackers, the tools, policies and procedures effective against attacks yesterday may continue to become obsolete. Therefore, any new cybersecurity framework needs to avoid rigid procedures. Innovation and rapid response to threats should be rewarded. Appropriate incentives (both rewards and punishments) are needed for each segment of cyberspace. Because new threats are constantly developing into new, potentially unrecognizable attacks, any legislative or policy initiatives designed to combat these threats must be flexible and adaptable to encourage a high level of innovation.
