Q&A: Mikko Hyppönen, chief research officer, F-Secure

We ask one of the leading experts on cyber crime for an assessment of the recent spate of cyber attacks and the growing threats to companies trading online.

Most companies operating online haven't prepared themselves for an attack like this. Companies that have taken precautions are the ones that have been attacked previously. This is no wonder; getting protection against denial of service attacks is expensive and complicated.

But companies like Amazon have such massive infrastructure. It is much more than just an online store. They have become so large with their internal computing infrastructure that they have started renting it out and is now one of the largest cloud infrastructures, so they have very large server infrastructure and very large bandwidth.

They can defend themselves, but for a lot of companies who are involved in e-commerce or depend on the internet for tools such as collaboration and communications, what should they be doing in light of these attacks?

A good idea is to set up a plan covering what to do, if you are attacked. Of course if you can afford it, it is always a good idea to host your website with a company that specialises in protecting against denial of service attacks, or if you are hosting your own site you can invest in specialist gear [to protect your site].

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

However, in most cases, it is enough to have a plan for what to do if you are attacked. You might migrate to a different server, change your domain names, change hosting IP addresses or change to a hosting provider that might be able to handle the attacks. Another easy to do trick is to have a spare domain name in case you are attacked, and then you can give out the "spare" domain name to people who need to access your site. Planning is the key, if you have some guidelines to follow if an attack happens, you will be much better off.

Once this type of attack has been demonstrated to be so effective as many people in the information security field think it has been doesn't that open up the floodgates for all manner of people who want to disrupt commerce to follow suit?

It is a real risk, and denial of service attacks are nothing new. We saw the first very large scale one in 2000. Since then we've seen large-scale attacks over and over again, and the motives range from "hacktivism" which is what we are seeing right now to criminal attacks on online stores where the hackers ask for a ransom.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020