50% of businesses forecast to be highly vulnerable
Technology experts have raised the alarm over more Distributed Denial of Service (DDoS) attacks, which are seen to be on the increase globally, especially on the financial sector and other corporate organisations in Nigeria.
With the first DDoS attack launched in 1974, experts said the menace has remained among the most persistent and damaging cyber attacks. They stressed that these attacks reflect hackers’ frustratingly high levels of tenacity and creativity, which create complex and dynamic challenges for anyone responsible for cyber security.
In computing, a DDoS attack is an attempt to make a machine or network resource unavailable to its intended users, for example by temporarily or indefinitely interrupting or suspending the services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
Indeed, at the MainOne and Radware DDoS Protection forum in Lagos on Tuesday, experts disclosed that credit card information of 350,000 individuals was stolen via Neiman Marcus, with more than 9,000 of the cards used fraudulently since the attack.
Chief Information Security Officer, MainOne, Chidi Iwe, said over 50 per cent of enterprise companies globally faced DDoS attacks at the end of 2015, and that the figure has been projected to be on the rise in 2016.
He pointed out that Nigerian businesses, which have grown from one Gbyte to over 10 Gbyte in recent years, have brought more attention to the country from hackers.
Iwe said there have been several attacks in the financial sector which have not been brought to public notice, stressing that based on the Central Bank of Nigeria (CBN)’s regulation, reports have shown over 600 per cent growth in DDoS attacks.
“Two weeks ago, there were DDoS attacks in Nigeria. Already, these attacks are said to have caused organisations globally over $500 billion losses in recent years. It has, however, been predicted to increase, especially in this part of the globe,” he stated.
According to him, DDoS attacks are coming from the edges, that is, from outside the country, but there is a likelihood that the attacks will soon start coming from within, which would cause service disruptions and, most times, total shutdown of operations.
The MainOne chief therefore encouraged customers to have large pipes for traffic movement to overcome DDoS attacks.
Speaking from Radware’s perspective, the firm’s Security Solution Architect, Eran Danino, said firewalls have become the first area to be brought down by DDoS attacks, stressing that most organisations are not ready to mitigate DDoS attacks because of either saturated Internet pipes or the lack of security skills to detect and mitigate attacks.
“What we do at Radware is to mitigate the attacks, just as the attackers change their attacking plans regularly. We have discovered that 30 per cent of the DDoS attacks saturate the Internet pipe; 21 per cent attack the firewalls and 36 per cent battle the server. The complexity of the attacks is multi-vector in nature, launched at different segments at the same time. There is a need for organisations to choose the best protection and draw up a checklist to find out the assets that must be protected first,” he stated.
According to him, there are two approaches to tackling DDoS: a hybrid solution, and a full cloud service that protects data from the cloud.
A panellist at the forum, Skye Bank’s Head, IT Infrastructure Service, Tagbo Nnoli, said major attacks in recent years on the financial sector, especially the banks, have been DDoS, and these are still growing. “We were not experiencing this about 10 years ago, but it appears the largeness of the sector has not only made it attractive, but highly vulnerable to attacks.”
Nnoli stressed that phishing and social engineering (card details snatching; frivolous emails) attacks are also on the rise. He urged bank customers to be extra careful in responding to electronic mail requests from unknown sources.
To John Anyanwu, Security Adviser, KPMG, there is a need for more education and enlightenment, stressing that end-users must become security conscious to avoid becoming prey.