It’s funny how easy it is to take things, such as the ability to quickly and easily access the internet, for granted. Many of us were reminded of that on Friday when a massive DDoS (distributed denial of service) attack took down major swaths of the internet, including Twitter, PayPal, GitHub, and many others.
At this point, it appears as though the DDoS attack focused on a single point of failure: the DNS provider Dyn. In short, Dyn provides the service that maps a domain name (such as www.forbes.com) to the appropriate IP address and content. Dyn was flooded with traffic that was designed to tax its services (such as its API) to their limits.
Traffic from several million IP addresses was sent in at least three massive waves, overwhelming Dyn’s system and causing it to go down. When that happened, web browsers were no longer able to connect web addresses to their respective websites, preventing users from accessing their desired services.
The implications of this attack extend far beyond the domain of hackers and developers. In fact, this should be a major wake-up call for web entrepreneurs of all sizes. We’re living in a brave new world where these types of events are becoming more and more common.
It’s vitally important that entrepreneurs understand what just happened and what it means for their clients and companies in general. Here are some of the big takeaways.
This wasn’t a hack; it was an attack
As the CEO of a fintech company, not a day goes by that I don’t think about data security. Our very existence is predicated on our ability to keep our clients’ data safe and secure. When I hear of any kind of web attack, my mind immediately goes to the topic of security.
The good news, in this case, is that nothing appears to have been stolen. This wasn’t necessarily a matter of a hacker trying to break into a database to steal sensitive information. Instead, it was an attack designed to disrupt access to the web.
Fortunately, our service provider has not been impacted by the attack as of yet, so our product has remained online. If we were to be impacted, I would immediately reach out to our customers and reassure them that their data was safe. The public doesn’t generally understand the difference between a hack and a DDoS attack, so it’s up to leaders of organizations to explain the situation.
Eventually, you will be impacted
It is easier than ever to build a new product online because there are so many distributed, cloud-based solutions upon which you can build. For example, at BodeTree we utilize third-party hosting providers, third-party DNS providers, and many other solutions designed to make running and maintaining a web service easy and economical.
The problem inherent in this, of course, is the fact that with increasing interconnectedness comes increasing risk. Depending on third parties saves us time and money, but it also tethers us to their fates in a sense. If we had been using Dyn for our DNS services, for example, our application would have gone down with the rest.
It’s a trade-off that we all must make. In today’s day and age, it simply doesn’t make economic sense to try to keep all of your services in-house. You simply have to rely on these third-party providers to remain competitive, and no matter how secure they may be, they’ll always be vulnerable to the determined attacker.
Realize that there is a real cost to these attacks
Attacks like the one we just saw are far more than an annoyance; they’re a massive threat to business. In fact, a number of industry professionals estimate that such an attack can cost a targeted business over $40,000 per hour in lost revenue and additional expense.
I’m afraid that it’s safe to assume that these attacks will continue in the future, becoming a “new normal” for entrepreneurs. We will not revert to the dark ages of hosting applications in giant, personal data centers. The very interconnectedness that makes the web so powerful also makes it dangerous. The two are inextricably intertwined.
It will be up to web entrepreneurs to take it upon themselves to understand and do their best to protect their businesses against such attacks. However, when they inevitably do occur, it’s the job of the entrepreneur to explain the situation to his or her customers. Demystifying a scary situation is the first step towards restoring faith in your product and the web as a whole.