Q&A: Mikko Hyppönen, chief research officer, F-Secure

We ask one of the leading experts on cyber crime for an assessment of the recent spate of cyber attacks and the growing threats to companies trading online.

Most companies operating online haven't prepared themselves for an attack like this. Companies that have taken precautions are the ones that have been attacked previously. This is no wonder; getting protection against denial of service attacks is expensive and complicated.

But companies like Amazon have such massive infrastructure. It is much more than just an online store. They have become so large with their internal computing infrastructure that they have started renting it out and is now one of the largest cloud infrastructures, so they have very large server infrastructure and very large bandwidth.

They can defend themselves, but for a lot of companies who are involved in e-commerce or depend on the internet for tools such as collaboration and communications, what should they be doing in light of these attacks?

A good idea is to set up a plan covering what to do, if you are attacked. Of course if you can afford it, it is always a good idea to host your website with a company that specialises in protecting against denial of service attacks, or if you are hosting your own site you can invest in specialist gear [to protect your site].

However, in most cases, it is enough to have a plan for what to do if you are attacked. You might migrate to a different server, change your domain names, change hosting IP addresses or change to a hosting provider that might be able to handle the attacks. Another easy to do trick is to have a spare domain name in case you are attacked, and then you can give out the "spare" domain name to people who need to access your site. Planning is the key, if you have some guidelines to follow if an attack happens, you will be much better off.

Once this type of attack has been demonstrated to be so effective as many people in the information security field think it has been doesn't that open up the floodgates for all manner of people who want to disrupt commerce to follow suit?

It is a real risk, and denial of service attacks are nothing new. We saw the first very large scale one in 2000. Since then we've seen large-scale attacks over and over again, and the motives range from "hacktivism" which is what we are seeing right now to criminal attacks on online stores where the hackers ask for a ransom.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Most Popular

Citrix buys Slack competitor Wrike in record $2.25bn deal
collaboration

Citrix buys Slack competitor Wrike in record $2.25bn deal

19 Jan 2021
IT retailer faces €10.4m GDPR fine for employee surveillance
General Data Protection Regulation (GDPR)

IT retailer faces €10.4m GDPR fine for employee surveillance

18 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021