DDoS and Expo 2020

In the build-up to Expo 2020, government institutions and enterprises should take steps to protect themselves from DDoS attacks, writes Mahmoud Samy

by Mahmoud Samy
January 31, 2016

Cyber security risks in the United Arab Emirates could intensify in the run-up to Expo 2020, according to industry analysts. One of the major concerns is that an event of this magnitude, with such a high-profile focus, creates potential opportunities for cyber crime.

The Middle East has become a more frequent target of sophisticated cyber crime, dating back to the 2012 attack against Saudi Aramco. In that attack, 35,000 computers were partially wiped or totally destroyed in a matter of hours. This means enterprises and governmental authorities need to be vigilant about their security strategies.

There are three sides to the classic security triangle: confidentiality, integrity and availability. A common mistake is for businesses to focus on the first two while ignoring or underappreciating the last. Often, enterprises miss the primary threat to service availability – distributed denial of service attacks. These attacks are designed to make websites and online services unavailable. If successful, they have many consequences, including lost revenue, brand damage and increased marketing costs to win back customers.

According to data from Arbor Networks’ ATLAS infrastructure, which gathers traffic intelligence from more than 300 service provider networks, DDoS attacks are continuing to evolve in the Middle East in terms of size, frequency and complexity. Easy access to tools and services means that anyone with an internet connection is able to quickly and cheaply launch a DDoS attack.

The motivations vary. Certainly some are financial, as has been seen with the DD4BC attacks that took businesses offline and blackmailed them for Bitcoin payments to allow services to resume. Others, like hacktivists, have political and social motivations. Both groups could target government institutions and enterprises during such a high-profile event.

How can enterprises measure up?

In addition to best practices ensuring confidentiality and data integrity, enterprises should have a plan and process for detecting and responding to DDoS attacks. This means having tightly integrated protection on-premises and in the cloud. On-premises protection stops application layer and state-exhausting attacks that target existing infrastructure devices, such as the organisation’s firewall. Cloud-based defence is needed against the very large attacks that have become commonplace.

The human element is also important. Enterprises need to have a defined incident response plan to deal with all cyber security crimes. DDoS requires its own. Attack mitigations could involve the network operations team, the security team, application architects, mobility experts, the legal team and corporate communications, among others.

What happens once an attack starts? How do you interact with your DDoS vendor? How do you initiate mitigation? Who do you need to notify internally? An incident response plan should answer all these questions. But rehearsing it so it can be smoothly executed under the pressure of an attack is a step that too many organisations ignore. This could prove to be detrimental for governmental entities and enterprises in the region in the long run, especially around Expo 2020.

History has shown that high-profile events tend to be magnets for DDoS attacks. When web properties and online services go offline, everyone notices. It is, therefore, important to make dealing with a DDoS attack as streamlined as possible from an operational standpoint. The attacks can be shielded against cost-effectively with the right services, solutions and processes – without jeopardising other aspects of the security infrastructure.

Mahmoud Samy is regional director – high growth markets Russia/CIS and the Middle East at Arbor Networks.