A distributed denial-of-service (DDoS) attack that shut down much of America’s internet recently was reportedly the largest ever. Dyn, a company that controls much of the internet’s domain name system infrastructure, came under sustained attack for most of Oct. 21, bringing down sites like Twitter, the Guardian, Netflix, Reddit, CNN and many others.
Any event that disrupts a company’s internet service can quickly and severely damage a company’s reputation and image. Similarly, a company’s inability to protect sensitive information of its customers can significantly impair customers’ trust. Experts agree that it is critical for all organizations to prepare a DDoS attack response plan that addresses both technical and communications aspects. All companies affected by an outage, not just the company at the source of the problem, must implement a technical and communications response.
Like most DDoS assaults, the attack on Dyn knocked out the network by seizing control of other devices and flooding it with useless traffic. Such attacks typically emanate from large numbers of computers called “bots” or “zombies,” all controlled through a “botnet.” In this case, the so-called Mirai botnet mostly used internet-of-things devices such as digital cameras and DVR players.
Organizations that depend on the Internet for revenue suffer an estimated average daily revenue loss of $2,000,000, nearly $100,000 for every hour without Internet service, according to Neustar. Other businesses’ losses average about $10,000 per hour.
Public Relations Damage can be Severe
“While these hourly losses are significant, they fail to incorporate the costs of reputational damage,” says Andrew M. Hinkes, an attorney at law firm Berger Singerman. “Acknowledgement of a DoS attack can cause a PR crisis, and sometimes require replacement of IT leadership, corporate rebranding and significant PR expenditures to recapture public confidence.”
Companies must prepare for, respond to and explain outages. While technical issues cover much of an organization’s response, an equally important must-do is protecting and restoring the organization’s reputation.
“Without an immediate solution to rebuild the internet, enterprises must focus on the essential strategic communications elements that can help soften the fallout and speed up brand recovery following such an attack,” says Samantha Kruse, account supervisor at LEVICK.
Key Elements of a DDoS Attack Response
- Establish methods of communication within the organization, especially communications with key decision makers, to ensure key stakeholders are notified and consulted during an incident.
- Ensure open lines of communication with marketing and public relations departments so these teams can communicate with the media and other stakeholders.
- Stress test your network to simulate an attack, and make sure the IT department understands your devices’ load tolerances and identifies which devices are easy targets. Redundancy, co-location and geographic distribution of resources help avoid the loss of a critical service.
- Identify the specific server or applications under attack by looking at IDS, flow data, server logs, application logs, or other network data, and looking for high-usage patterns, advises Nick Lewis, an information security architect at Saint Louis University. If a Web application is under attack, a response could be to move the Web presence to a different hosting provider, server or network, or to implement a DDoS protection tool. The server or service can even be moved to a cloud provider or a content distribution network.
- Find highly-trained third parties, such as forensic specialists and outside IT consultants, before an attack so you can quickly and efficiently deploy them if an assault does occur.
- Train employees about data security basics. While employees may not be able to protect a company from a DDoS attack, they can be your biggest weakness or biggest advocate in recovery, Kruse says. If untrained, employees may comment about the attack on social media before a company prepares a media statement or even finishes investigating the situation. Collaboration between the IT department and the PR department results in the best employee security training.
- Control the narrative. Inform affected internal and external parties about what happened and what you are doing to fix it before they find out from another source.
- Prepare alternative forms of communications that don’t depend on email or online customer service centers. Companies will be unable to access their customer databases or answer queries and complaints coming through those avenues.
- Coordinate your message with business partners and vendors. If your business operations depend on other service providers, be sure to notify them before the general public about any potential internet attack that might impact their operations.
- Monitor social media for comments about your internet service and post updates about status.
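
The log review described in the list above (finding the application under attack by looking for high-usage patterns in server logs) can be sketched as follows. This is an added example, not part of the original article: it assumes web-server access logs in Common Log Format, the `factor` and `min_hits` thresholds are hypothetical values to tune against your own traffic, and the log lines are constructed sample data.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Common/Combined Log Format: ip - - [time] "METHOD path PROTO" status size
LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+')

def parse(line):
    """Return (minute, path, source_ip), or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, path = m.groups()
    minute = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").replace(second=0)
    return minute, path.split("?")[0], ip

def find_hot_targets(lines, factor=5, min_hits=20):
    """Return (path, minute, requests, distinct sources) for buckets far above
    that path's own median per-minute rate."""
    hits = defaultdict(lambda: defaultdict(list))  # path -> minute -> source IPs
    minutes = set()
    for rec in filter(None, map(parse, lines)):
        minute, path, ip = rec
        hits[path][minute].append(ip)
        minutes.add(minute)
    alerts = []
    for path, per_min in hits.items():
        # Minutes with no hits count as zero, so rarely used paths get a low baseline.
        baseline = max(median(len(per_min.get(m, [])) for m in minutes), 1)
        for minute in sorted(per_min):
            ips = per_min[minute]
            if len(ips) >= max(factor * baseline, min_hits):
                alerts.append((path, minute.strftime("%H:%M"), len(ips), len(set(ips))))
    return alerts

def sample_log():
    """Constructed sample: steady traffic, then a flood on /login from 12:08."""
    fmt = '{ip} - - [01/Jan/2024:12:{m:02d}:{s:02d} +0000] "GET {p} HTTP/1.1" 200 512'
    out = []
    for m in range(10):
        out += [fmt.format(ip=f"198.51.100.{i + 1}", m=m, s=i, p="/index.html") for i in range(5)]
        n = 200 if m >= 8 else 3
        out += [fmt.format(ip=f"203.0.113.{i % 150 + 1}", m=m, s=i % 60, p="/login?next=/")
                for i in range(n)]
    return out

if __name__ == "__main__":
    for alert in find_hot_targets(sample_log()):
        print(alert)
```

A flagged bucket with many distinct sources relative to its request count points to distributed traffic rather than one misbehaving client, which helps decide whether to move the service or bring in a DDoS protection tool.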
Bottom Line: A distributed denial of service (DDoS) attack can cause more damage to an organization’s reputation than its loss of revenue during interruption of internet service. That’s why it’s critical to prepare a DDoS crisis plan that coordinates technical and communications responses. While the plan may have much in common with general PR crisis responses, it’s important to develop special plans to respond to technical disruptions of service or security breaches.
William J. Comcowich founded and served as CEO of CyberAlert LLC, the predecessor of Glean.info. He is currently serving as Interim CEO and member of the Board of Directors. Glean.info provides customized media monitoring, media measurement and analytics solutions across all types of traditional and social media.