Massive DDoS attacks have become too common in today’s internet landscape. Just the other week, some of world’s most trafficked websites, including Twitter, Amazon, Reddit, and Netflix, were crippled by a heinous assault on their DNS provider. Three separate influxes of traffic were sent from thousands of connected devices, causing performance issues and outages throughout the day.
The magnitude and frequency of these attacks are increasing on a daily basis, so it’s more critical than ever to start the DDoS mitigation conversation with prospects and customers. One attack, on average, can cause a company six to 24 hours of downtime and losses of $40,000 per hour, according to a study by Incapsula. With that being said, here are three verticals in need of DDoS mitigation now:Finance
Out of all cyber threats that lurk the web, DDoS is the most commonly used against financial services businesses. According to Verizon’s Data Breach Investigations Report (DBIR), it accounts for 32% of all attacks in this vertical. A recent example from earlier this year is the attack on HSBC. The England-based multinational banking company had its online banking system shut down by a DDoS attack, frustrating its customers on the day their first paychecks of the year were supposed to be deposited.
Implications of DDoS attacks on a financial services business:
- According to American Banker, attacks can cost a bank as much as $100,000 per hour.
- Creates smokescreen to distract IT teams, resulting in data breaches that can result in GLBA and other compliancy fines.
- Customers leave for a competitor due to frustration or mistrust.
- Reputation damage can hinder new customer acquisition.
- Company can face a lawsuit if sensitive data exposed.
Because of the frequency of attacks, and the consequences that can result from them, DDoS mitigation adoption in the vertical is growing. From cloud-based to hybrid mitigation models, financial services businesses are looking for ways to keep their networks safe.Education
Schools and other educational institutions make easy targets for DDoS attacks because many lack the expertise and resources needed for proper mitigation. Just last year, a handful of major colleges, including the University of Maryland, Johns Hopkins University, and Rutgers University, were victims. One of the more notable recent attacks occurred in Japan, where a 16-year-old student bombarded the Osaka Board of Education server, resulting in 444 school websites being knocked offline.
Implications of DDoS attacks on an educational institution:
- Disruption of enrollment or online tests during registration periods or final exam weeks.
- Networks have been known to be shut down for weeks due to lack of resources.
- Inability to deliver content, post grades, process payments, and communicate over the internet.
- Creates smokescreen that cloaks threats targeting FERPA-protected data or financial systems.
- Loss of data can result in denial of funding, private lawsuits, and reputation damage.
According to Arbor Networks, DDoS attacks on the education vertical have been on the rise in 2016. For the most part, these incidents are conducted by students whom don’t want to take an exam. It’s essentially like pulling a fire alarm, except far more complex and destructive.Government
Hacktivists are frequent culprits behind DDoS attacks on government properties. These people usually launch an assault in protest of actions taken by an organization. For instance, the infamous Anonymous group hit Brazilian government websites with a multi-phased DDoS attack in protest of the Olympics in Rio de Janeiro. Several websites were affected and personal, financial, and login data was leaked.
Implications of DDoS attacks on government organizations:
- Halt operations because many agencies rely on application-based and online workflows.
- Confidential and sensitive information can be exposed (Wikileaks, Snowden, etc.).
- Can be used as a smokescreen for data breaches, resulting in FISMA and FIPS compliancy fines.
- Can cripple information technology and critical infrastructure (water, electricity, transit, etc.).
- Shows weaknesses in government cyber defenses, inducing public fear.
Despite being a part of the government, not all agencies and organizations have top-of-the-line protection. According to the Government Accountability Office, there were 77,000 attacks against federal agencies last year. Even the NSA, an organization dedicated entirely to the protection of U.S. government communications and information systems, had its website knocked offline back in 2013.Ask the Right Questions
Now that you know which verticals you should be targeting and why, it’s time to start the conversation. To do this, ask the following discovery questions:
- Have you been hit with a DDoS attack in the past year?
- How much downtime can your company afford?
- Are you at risk of breaking compliance regulations from in result of a DDoS attack?
- What partnerships, technology, and processes do you currently have in place to protect your environment?
- What third-party vendors do you work with that could potentially leave you vulnerable, allowing access to your network?
- What is the status of your emergency response plan (incident response plan)?
- Do you have a business continuity plan in place?
- What in-house expertise do you have to react to an incident that occurs?
TBI offers best-in-class DDoS mitigation solutions from industry-leading providers like Level 3, CenturyLink, Verizon, and Masergy. From global mitigation network scrubbing centers to 24/7 threat monitoring and predictive analytics, these leaders help businesses minimize downtime of attacks or stop them before they start. Speak with your Channel Manager today to get help finding the DDoS mitigation solution that meets all of your customers’ needs.
Download our DDoS overview guide to learn more about DDoS mitigation and how to sell.
About the Author
Adam Dawson is TBI’s Marketing Communications Manager. As the organization’s wordsmith, he is responsible for creating engaging content and carrying out internal and external communications programs. This includes circulating information to TBI’s agent partners, educating them on hot topics in the industry, and guiding them to the best provider products and solutions for their portfolios. You can reach Adam at firstname.lastname@example.org connect with him on LinkedIn.