As organizations around the globe become more-and-more reliant on the Internet, a serious weakness has begun to emerge in our connected world. Since its inception, the Internet has been all about availability; when the Internet goes down, businesses that rely on that availability go down with it. DDoS attacks are single handedly the most serious threat to Internet availability and the benefits derived from being online.
For years businesses have deployed “redundant” sites, circuits, networks, routers, firewalls, switches, servers, applications, and even processes in the attempt to eliminate or reduce downtime due to a failed system or other unexpected outage. However, all the redundancy in the world will not help when your organization is targeted by a DDoS attack. Redundancy simply goes down with the ship.
This dilemma forces any business to ask the question, “DDoS – whose responsibility it is?” According to a recent survey conducted by Kaspersky Labs, 21% of the nearly four-thousand respondents believe it is the responsibility of the network service provider (ISP) or the website/hosting provider to protect businesses against a DDoS attack. These statistics demonstrate that many believe that their Service Providers or Hosting providers will solve their DDoS problems.
However, not all service providers or hosting providers want to get involved in solving the DDoS problem for their downstream customers. Why? Simple – it costs service providers time and money when they get involved in blocking your DDoS attacks. Remember the service provider is not under a DDoS attack – you are! When your organization is the target of an attack, the service provider is simply the delivery vehicle for the attack traffic. They’re not the root cause of the attack.
With that said, all businesses must take their own measures to detect DDoS attacks and prevent the outages that would be incurred due to an attack. If businesses believe that their service provider or hosting provider will solve all of their problems, they should look closely at the Service Level Agreements (SLAs) to insure that their service provider will resolve a DDoS attack for them. If not then it’s really up to the targeted victims to purchase and/or deploy some sort of countermeasure. According to the survey mentioned above, “50% of all businesses agree that specialized countermeasures against DDoS attacks are an important security requirement.
Who do you hold responsible for protecting your network against DDoS attacks?