Cybersecurity best practices and DDoS defence strategies
As the most connected country in Africa, South Africa is home to organizations that must be on high alert for cyberthreats. Yet a tolerance of, and slow response to, cyberattacks, probably due to a lack of vigilance or simple ignorance, can cost them dearly when a DDoS attack hits. The cost of downtime is one thing; the reputational damage and long-term loss of customers are difficult to measure.
According to our analysis, DDoS attacks on South African networks were particularly rampant between Q3 2018 and Q2 2019. Attack activity peaked in March and April this year, with 148 and 143 attack events respectively. Between February and October this year, an average of 76 attack events were logged per month. As of November 5, six attack events had been captured.
It should be noted that no continuous attacks were observed prior to February 2019, suggesting that DDoS attacks are a relatively new “problem” for South Africa. In other words, we believe that extortionists are becoming active in the country by launching ransom DDoS attacks against enterprises such as financial institutions and online businesses.
Because of their large attack surface, Communications Service Providers (CSPs) are often the first to come under DDoS attack. Maintaining service availability is not only key to a CSP’s reputation; offering DDoS protection services to downstream customers also translates into lucrative business opportunities. Adding bandwidth or purchasing more security devices, however, is not the answer to the DDoS problem.
With attack sizes at the terabit-per-second level becoming commonplace and continuing to grow, acquiring additional bandwidth capacity is never a solution. Even if a CSP can afford to do so, valuable bandwidth should not be occupied by junk traffic. Nor does extra bandwidth address the more complex application-layer attacks, such as slow attacks, which are hard to detect and mitigate. A purpose-built infrastructure is needed to mitigate both network and application attacks.
Beyond infrastructure, security strategies must be formulated ahead of time in order to handle DDoS attacks effectively. Incident response plans, including drills and a Security Operations Center (SOC), must also be put in place and exercised by security experts. Unless the CSP has the infrastructure, people, processes and technology mentioned above, combating DDoS attacks should be proactively managed by an expert such as Nexusguard.
Without the right combination of people, processes and technology, built upon the right infrastructure, the same old DDoS problem will cause new pain for South Africa’s networks.