Are cyber attacks becoming the go to cause for major IT failures?
As we reported earlier this week: Both the security industry and the wider community of web users had been rife with speculation and discussion around the recent GoDaddy downtime.
“Was it hacked?” was the big question on everyone’s lips and this knee jerk speculation was fuelled still further by reports emerging that a supporter of Anonymous, the increasingly infamous group of hackers, had claimed responsibility on behalf of the group, for the “attack” that caused havoc at GoDaddy. The New York Times reported that “the person behind the Twitter account @AnonymousOwn3r took responsibility for the attack and said all of GoDaddy’s servers were knocked out with what is known as a distributed denial of service attack, or DDoS attack, in which a site is flooded with traffic until it collapses under the load.”
However, it was later revealed in a statement by GoDaddy, one of the world's biggest Internet hosting and registration companies, that technical problems were actually to blame for a nearly six-hour service disruption which affected a portion of their 10 million customers on Monday 10th September. “The service outage was due to a series of internal network events that corrupted router data tables. Once the issues were identified, we took corrective actions to restore services for our customers and GoDaddy.com. We have implemented a series of immediate measures to fix the problem” stated GoDaddy CEO Scott Wagner.
When we think of hacking and cyber attacks, we often think of young hackers, criminals, and even the newly coined term “cyber terrorists.” However, Info security expert, Dejan Kosutic says "Cyber attacks are usually perceived as a threat of young hackers who want to crash down the server of a company they don't like. The truth is quite different, though - most successful attacks come from the inside - disgruntled employees who want to get even, or even greedy employees who want to make some extra money."
In fact, as the GoDaddy case demonstrated; despite immediate speculation about a major cyber attack on the leading web registrar – it was an internal technical error that cased the downtime, with any suggestions of a technical or internal failure drowned out amongst the ensuing scaremongering.
"The most successful attacks that come from the outside are made by professionals,” reveals Kosutic, adding “these kind of criminals understand perfectly well how much the downtime costs, or how much damage information leakage can cause. Therefore the price they are asking not to do it is very often acceptable to corporations." suggesting that the norm for high level attacks is financially motivated, built on a framework of threats and bribery rather than random assaults and hacking.
This highlights the need for a focus beyond security against cyber attacks and a need for internal continuity measures to protect against both attacks and technical failure from both internal and external sources.
The impact was clear and widespread - drawing a renewed focus to the issue of business continuity measures. What business continuity measures do you currently have in place? Let us know @MicrosoftBizUK