Is it the responsibility of the business manager since it affects revenue?.Is it the responsibility of application owners since it impacts application availability?.Is DDoS protection the responsibility of the network administrator since it affects network performance?.This allows you to prioritize protection and determine which type of protection is required.Īfter a monetary value is defined for each asset, determine who is responsible for protecting them from However, the potential loss of their financial services infrastructure and the ability to process customer loan applications was deemed unacceptable, since this would potentially result in millions in lost revenue per hour.Īfter you assess the risk to each asset, prioritize them according to risk and potential damages. Much of the information was available from other online resources, and the reputational/brand risk was minimal. A DDoS attack against a customer-facing e-commerce site will have a different impact than an attack against a field office.Įxample: A large car brand evaluated the potential impact of their “brochure” website being unavailable for a few hours and determined this to be an acceptable loss. When evaluating the potential damage of a DDoS attack, assess vulnerable assets individually. This includes both customers who are unable to reach your website during an attack and customers who choose to stop doing business with you as a result of a cyber attack. Loss of customers – One of the biggest potential impacts of a successful DDoS attack is loss of customers. Damage to brand is often hard to calculate, and it can take years to rebuild brand equity. SLA obligations – For applications and services that are bound by service commitments, any downtime can lead to breach of SLA, resulting in refunding customers for lost services, granting service credits, and even potentially facing lawsuits.ĭamage to brand and reputation – Availability and the digital experience are increasingly tied to a company’s brand.Any loss of availability as a result of a cyber attack can directly impact a company’s brand and reputation. Loss of productivity – For organizations that rely on online services, such as email, scheduling, storage, CRM, or databases, any loss of availability to any of these services will directly result in loss of productivity. For example, if your website generates $1 million a day, then every hour of downtime, on average, will cause over $40,000 in damages. Some of the potential damages that can result from a DDoS attack include:ĭirect loss of revenue – If your website or applications are generating revenue, any loss of availability will cause a direct loss of revenue. Keep in mind that some damages are direct,while others may be indirect. Mapping external-facing assets will help you construct a threat surface and identify points of vulnerability.ĭetermine the value of each asset and allocate appropriate budget and resources for protection. Domains, subdomains, and specific FQDNs.This list should include both physical and virtual assets: Begin by listing all external-facing assets that could be attacked. The first step to securing your assets against a DDoS attack is to know which assets are most at risk. The same logic applies to protection against DDoS attacks. The ancient Greeks said that knowing thyself is the beginning of wisdom. While there’s no way to predict when an attack will happen, following the steps outlined in this guide will allow you to minimize the impact of the attack, recover quickly, and ensure it doesn’t happen again. Given the sophistication and determination of today’s attackers, chances are that your organization will eventually suffer a damaging DDoS attack.įortunately, with proper planning and proactive deployment of a scalable DDoS protection solution, there is a great deal that can be done to reduce the risk and potential impact of a DDoS attack. The motivations for DDoS attacks vary widely from hacktivism to cybercrime to espionage. Today’s sophisticated DDoS attacks frequently result in lost sales, abandoned shopping carts, damage to reputation and brand, and dissatisfied customers. Distributed denial of service (DDoS) attacks flood the network with malicious traffic, impacting the availability of applications and preventing legitimate users from accessing business-critical services.