A SURGE IN DDOS ATTACKS:
A SURGE IN DDOS ATTACKS: WHAT TO DO Patrick Ndegwa, SEACOM Business Sales Lead at SEACOM Kenya, explains how African businesses can protect themselves. Credit: Israel Andrade on Unsplash DDoS attacks can also make a network vulnerable to further attacks, resulting in even costlier data breaches. DDoS attacks are often part of a wider strategy that is coordinated to exploit more than one vulnerability in a business network. TTechnology is playing an increasingly significant role across almost every business sector. The pace of digital innovation is accelerating but, with the proliferation of IoT devices, cloud-based networks and other business-critical ICT infrastructure, comes a much larger attack surface for cybercriminals. Governments, educational and financial institutions, global enterprises and even small businesses are all potential targets of ransomware, malware, Distributed-Denial-of-Service (DDoS) attacks and social engineering. As these different forms of cyberattacks continue to become more sophisticated, it’s becoming more crucial than ever that organisations are adequately protected. During 2021, global cybersecurity companies such as Kaspersky and Cloudflare highlighted an unprecedented evolution and growth of DDoS attacks. Even global tech giants such as Google and Microsoft have had to fend off large, coordinated attacks against their services in recent years. These attacks are getting bigger, smarter, expertly tailored according to their targets and are intelligently exploiting specific gaps in cybersecurity. Unfortunately, they’re coming closer to home. 22 UNDERSTANDING THE THREAT OF DDOS ATTACKS A DDoS attack is a malicious type of cyberattack that targets a network, server or services with the goal of overwhelming a network (or connected IT infrastructure) with a flood of requests. This is often done with the use of a botnet, which is a group of devices that automatically perform such actions over the Internet, causing a network or service to slow down or stop functioning completely. This can make a service inaccessible to both users and employees, resulting in high recovery costs, downtime for critical business functions, or – in the case of an e-commerce site that stops working – the loss of income and reputation. Importantly, DDoS attacks can also make a network vulnerable to further attacks, resulting in even costlier data breaches. DDoS attacks are often part of a wider strategy that is coordinated to exploit more than one vulnerability in a business network. And, with the sudden shift towards remote working since the start of the Covid-19 pandemic, cybercriminals have a much larger attack vector on unsecured at-home networks.
CYBERSECURITY There were 38 776 699 detected cyber threats in Kenya between April and June 2021. This figure increased by an alarming 37.3% in only one quarter of 2021, and 29.1% of these threats were DDoS attacks. It’s clearly becoming increasingly vital that every organisation ensures every aspect of their IT infrastructure is protected. WHAT’S THE SITUATION IN AFRICA? Across Africa, technology is being rapidly adopted as the continent moves into a more urbanised and digitally-driven age, but with the growing pains of digital transformation comes greater vulnerability. SEACOM figures reveal that DDoS attacks in Africa have increased by 300% in 2021, compared to the same period in 2019. There were a total of 382 500 DDoS attacks across the continent between January and July 2021. Kenya saw an astounding 2 400% increase in attacks over the same period, and the number of these attacks are not expected to slow down. According to the cybersecurity report by the Communications Authority of Kenya, there were 38 776 699 detected cyber threats in Kenya between April and June 2021. This figure increased by an alarming 37.3% in only one quarter of 2021, and 29.1% of these threats were DDoS attacks. It’s clearly becoming increasingly vital that every organisation, especially at the start of their digital transformation journey, ensures every aspect of their IT infrastructure is protected. SECURITY FROM THE GROUND UP Cybersecurity has multiple layers and is always an ongoing process. Security measures should, therefore, be implemented from the ground up and not added as an afterthought. In the current climate, organisations need to be sure they can stay up to speed with ever-evolving and increasingly complex cybersecurity threats. Cyberattacks may be getting more Credit: FLY:D on Unsplash sophisticated but, thankfully, so are the ways that businesses can prevent them. A DDoS attack, for example, can be mitigated by services that remove malicious traffic and only let legitimate traffic pass through, thereby protecting the network and ensuring that operations or services don’t grind to a halt. Advanced intrusion prevention and threat management systems can utilise nextgeneration firewalls, Virtual Private Networks (VPNs), load balancing, content filtering and other security mechanisms to prevent DDoS attacks from having an impact on a network. The right combination of tools and technology can place a business on more solid ground when it comes to fending off cybersecurity threats in general, and DDoS attacks in particular. One of the major pitfalls in cybersecurity is that not every organisation has the expertise or a dedicated security team that can provide up-to-date, enterprise-class protection. And the statistics are clear: cybercrime is on the rise. Now, more than ever, it’s essential that organisations find a dedicated cybersecurity partner whose sole objective is to keep their business safe from the various kinds of modern cyberattacks. Cybersecurity should be proactive rather than reactive and, with the help of managed security services, businesses can rest assured that when an attack occurs, they’ll have all the protection and processes already in place. Peace of mind is something to be prized. 23 Patrick Ndegwa, SEACOM Kenya. Cyberattacks may be getting more sophisticated but, thankfully, so are the ways that businesses can prevent them. About SEACOM SEACOM launched Africa’s first broadband submarine cable system along the continent’s eastern and southern coasts in 2009. Today SEACOM is the preferred partner for African businesses, network carriers and service providers. Through its ownership of Africa’s most extensive ICT data infrastructure, including multiple subsea cables and a resilient, continent-wide IP-MPLS network, SEACOM provides a full suite of flexible, scalable and highquality communications and cloud solutions that enable the growth of the continent’s economy. SEACOM is privately owned and operated, allowing the company the agility to rapidly tailor-make and deploy new services, commercial models and infrastructure in response to customer requirements, without the red tape or hidden costs often prevalent in this industry.
