NZ institutions – everything from the stock market to the weather service – are getting hammered by cyber attacks at the moment. So, what’s going on here?
Firstly, just to be clear what type of attack this is – a Distributed Denial of Service (DDoS) attack is basically a malicious attack on a server or network where the bad guys send an enormous number of requests to that IP address or service. This overwhelms the server, which can crash, freeze or simply be unable to process the traffic.
Typically, the hackers will use an army of computers that they have infected with malware to conduct such an attack. There are a few different varieties and types of these DDoS attacks, but that’s the gist of it. Imagine if you were trying to work in Outlook and someone kept sending you a junk email that went into your inbox every two seconds… you’d find it really hard to work through that (this happened to me once when a workflow broke internally – really annoying).
One of the biggest problems is that these attacks are very hard to defend against – servers hosting websites and applications can’t always tell what traffic is meant to be there and what is malicious, and the level of traffic quickly overwhelms the servers.
The one piece of comfort we average folk can take away is that these attacks tend to be on large targets – government infrastructure, large corporates, that kind of thing – and a fair few are probably state-sponsored too. I’ve not seen many publicised attacks on small targets, although I’m sure there are some out there. Remember we’re often dealing with organised crime in these situations, so wherever there’s cash, there’s cyber crime.
These types of events are normally mitigated with special network equipment or targeted protection services hosted in the cloud. Firstly, you need to know the attack is happening, so have a detection policy in place. Once an attack is detected, the protections kick in and work to identify what traffic is malicious and what isn’t. The malicious traffic can then be routed elsewhere or broken up into smaller, more manageable pieces. You could also have some sort of kill switch that switches your application or site over to another server, although this is often only a temporary solution, as the bad guys can simply divert their attack to the new location.
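To show why a detection policy has to watch overall traffic and not just individual senders, here is an added example (not part of the original article; the traffic records, window size and thresholds are constructed assumptions). Each infected computer sends no more than a normal visitor does, so a per-sender limit flags nobody, while comparing total volume against a normal baseline flags the attack window.

```python
from collections import Counter

WINDOW = 10            # assumed window length in seconds
PER_SOURCE_LIMIT = 20  # assumed: most requests one sender may make per window
SURGE_FACTOR = 10      # assumed: alert when a window is 10x the normal volume

def build_sample():
    """Constructed traffic, not real logs: one (second, sender) pair per request."""
    records = []
    for t in range(70):          # 5 regular visitors, 1 request per second each
        records += [(t, f"client-{c}") for c in range(5)]
    for t in range(60, 70):      # attack: 400 infected machines, 1 request per second each
        records += [(t, f"bot-{b}") for b in range(400)]
    return records

def windows(records):
    """Group requests into fixed windows: {window_index: Counter(sender -> count)}."""
    grouped = {}
    for t, sender in records:
        grouped.setdefault(t // WINDOW, Counter())[sender] += 1
    return grouped

def per_sender_offenders(records):
    """Senders that exceed the per-sender limit in any window."""
    return {sender for counts in windows(records).values()
            for sender, n in counts.items() if n > PER_SOURCE_LIMIT}

def surge_windows(records, baseline_windows=3):
    """Windows whose total volume exceeds SURGE_FACTOR times the baseline average.
    Returns (window_index, total_requests, distinct_senders) tuples."""
    grouped = windows(records)
    totals = {i: sum(c.values()) for i, c in sorted(grouped.items())}
    baseline = sum(totals[i] for i in range(baseline_windows)) / baseline_windows
    return [(i, total, len(grouped[i])) for i, total in totals.items()
            if total > SURGE_FACTOR * baseline]

if __name__ == "__main__":
    traffic = build_sample()
    print("flagged by per-sender limit:", per_sender_offenders(traffic))
    print("flagged by volume surge:", surge_windows(traffic))
```

The jump in distinct senders in the flagged window (from 5 to 405 in this constructed data) is the kind of signal a protection service uses to start separating malicious traffic from normal traffic.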
So, these types of attacks are happening quite a lot at the moment and I think that’s because they are so successful and so hard to defend against. They’re probably difficult to organise and expensive to set up, but that’s also why they attract organised crime/state sponsors and go after big targets. If you’re in the SME space, you really don’t want to end up getting caught up in one of these events – I’ve not had it happen to me personally, but I am certain it won’t be much fun.
As always, speak with your IT specialists about protection against cyber attacks, and work with your insurance broker to understand what risks can be offset through the purchase of cyber insurance.