The BBC’s suspension and subsequent decision to sack Jeremy Clarkson, the host of its Top Gear motoring show, have created quite a stir. In the aftermath, Mel Grove wonders what the affair can teach us about the nature and scale of the threat from DDoS attacks.
Within a week of Jeremy Clarkson’s suspension by the BBC, following what can only be described as a ‘hot snack based physical assault’, a petition demanding his reinstatement had gathered more than one million signatures and even the UK Prime Minister, David Cameron, had been drawn into the row.
A less well-known consequence, however, saw one of the BBC’s systems out of service, inaccessible to millions of users. No, this was not a case of its telephone systems crumbling under a weight of irate calls – a suspected distributed denial-of-service (DDoS) attack left the BBC website offline for several hours.
Now, there is much debate over whether this was truly a DDoS attack – despite alleged threats from Anonymous, the outage may have simply been down to an internal systems problem.
However, the fact that so prosaic an issue as the status of a TV presenter can lead to credible suggestions that a DDoS attack had been launched serves to remind us once again just how unpredictable a threat it is.
The truth is it is almost impossible to know who might launch a DDoS attack against an organisation – from state-sponsored and corporate espionage to disgruntled interest groups and downright vandalism, the possibilities are endless. The same goes for why, as Clarkson-gate helpfully reminded us.
All this means that DDoS attacks are more common than one might think. Indeed, research carried out last year by Incapsula found that almost half of businesses with at least 250 employees had been hit by a DDoS attack at some point in the past. Of them, 91% had been attacked in the preceding 12 months, and 70% had been compromised two or more times.
Perhaps most striking, however, are the consequences. The same research estimated the cost of a DDoS attack at more than GBP 25,000 (USD 40,000) per hour. Add to that the fact that 33% lost confidential information during a DDoS attack and the financial losses could be far more profound still.
Data privacy laws in the US are already tough, stipulating hefty fines for companies that have data breaches, and the EU Data Protection Directive’s hard-line stance will make CIOs sit up and take notice when it becomes law in 2016.
So, back to the question: “What can Jeremy Clarkson teach us about DDoS?”
The answer is simple. DDoS is unpredictable and potentially devastating. No matter how remote the risk may seem, it’s important to take the threat seriously and be prepared.
The next in this series will look at the steps organisations can take to do just that – to make sure they are prepared to react quickly and effectively should a DDoS attack strike – this time, without input from Mr Clarkson.