Q&A: Mikko Hyppönen, chief research officer, F-Secure

We ask one of the leading experts on cyber crime for an assessment of the recent spate of cyber attacks and the growing threats to companies trading online.

Most companies operating online haven't prepared themselves for an attack like this. Companies that have taken precautions are the ones that have been attacked previously. This is no wonder; getting protection against denial of service attacks is expensive and complicated.

But companies like Amazon have such massive infrastructure. It is much more than just an online store. They have become so large with their internal computing infrastructure that they have started renting it out and is now one of the largest cloud infrastructures, so they have very large server infrastructure and very large bandwidth.

They can defend themselves, but for a lot of companies who are involved in e-commerce or depend on the internet for tools such as collaboration and communications, what should they be doing in light of these attacks?

A good idea is to set up a plan covering what to do, if you are attacked. Of course if you can afford it, it is always a good idea to host your website with a company that specialises in protecting against denial of service attacks, or if you are hosting your own site you can invest in specialist gear [to protect your site].

Advertisement
Advertisement - Article continues below

However, in most cases, it is enough to have a plan for what to do if you are attacked. You might migrate to a different server, change your domain names, change hosting IP addresses or change to a hosting provider that might be able to handle the attacks. Another easy to do trick is to have a spare domain name in case you are attacked, and then you can give out the "spare" domain name to people who need to access your site. Planning is the key, if you have some guidelines to follow if an attack happens, you will be much better off.

Once this type of attack has been demonstrated to be so effective as many people in the information security field think it has been doesn't that open up the floodgates for all manner of people who want to disrupt commerce to follow suit?

It is a real risk, and denial of service attacks are nothing new. We saw the first very large scale one in 2000. Since then we've seen large-scale attacks over and over again, and the motives range from "hacktivism" which is what we are seeing right now to criminal attacks on online stores where the hackers ask for a ransom.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/network-internet/wifi-hotspots/354283/industrial-wi-fi-6-trial-reveals-blistering-speeds
wifi & hotspots

Industrial Wi-Fi 6 trial reveals blistering speeds

5 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019