Essay by By Raymond Maisano, Head of Australia and New Zealand, Cloudflare.
Aotearoa New Zealand makes up a small portion of the world’s population, yet the country is being hit by a relatively bigger share of cyber attacks.
Chances are, you’re familiar with the term ‘distributed denial of service (DDoS) attack’. Not because your organisation has been subjected to one, but instead, the recent numerous, high profile attacks on local and global businesses have captured your attention.
With cyber attacks ramping up across the globe and Aotearoa New Zealand an attractive target, every business—no matter the size—must put protections in place.
What’s a DDoS attack?
Designed to disrupt the normal function of a server, DDoS attacks harness compromised computers and hardware like Internet of Things (IoT) devices to flood the target or its surrounding infrastructure with traffic. This influx can slow down or overwhelm a website or service, denying access to genuine traffic.
DDoS attacks are on the rise across the world, with attackers using different styles of malicious activity to take down websites and even using them as an attempt to extort money. Businesses from all industries were victims of ransom DDoS (RDDoS) attacks in 2021, and Q4 saw a 29% YoY and 177% QoQ increase.
New Zealand is a prime target
Only three active undersea submarine cables connect Aotearoa New Zealand to the outside world. In comparison to the rest of the world, this relatively small number makes it easier for the country’s networks to be overwhelmed.
In fact, the National Cyber Security Centre (NCSC) reported an increase in criminal or financially motivated actors with a significant national impact or potential to cause serious harm in its 2020-21 threat report (27% compared to 14% the year prior).
However, it is critical to note that organisations of any size can fall victim to a DDoS or RDDoS attack. No business is immune, and the impacts can be significant.
How can businesses prevent these types of attacks?
Most organisations in Aotearoa New Zealand are still trying to protect themselves using traditional security measures that are no match for a burgeoning tide of bots, ready to be mobilised against them in a few strokes of a keyboard.
While this might sound daunting, implementing good cyber security protections against DDoS attacks does not need to be.
- Speak with your network provider to understand what DDoS mitigation services they offer and how much traffic they can mitigate before your organisation is affected. This is an added service for some providers, while others might charge surge pricing in the unlucky instance that your website is bombarded with traffic during a DDoS attack.
- Ramp up your front-line protection. Engage a provider with specially designed network equipment or a cloud-based protection service to mitigate your business from incoming threats. Here, it’s essential to consider the potential risk to your company and consider the scalability, flexibility, reliability and network size of potential providers. For example, large-scale attacks have the potential to take out on-site network infrastructure, while cloud-based solutions can scale when mitigating attacks.
- Create a DDoS attack incident response plan. The overwhelming nature of a DDoS attack can take out multiple systems and services, not just your website. And in the moment, it’s easy for panic to set in. Be proactive, create a dedicated DDoS incident response plan, and conduct exercises to ensure its effectiveness.
- Regularly patch your systems, software and hardware. Developers regularly release updates to decrease or eliminate vulnerabilities in software. Applying these patches to operating systems, applications, and all network-connected devices in real-time is the simplest way to mitigate a cyber security attack. There’s a reason why patching is CERT NZ’s top critical control to protect organisations from being breached—don’t leave your business wide open.