A three-minute read.
Ever since 1988 when the first cyber-attack, the ‘Morris worm’, propagated itself across the nascent internet and rendered computers unusable, cyber-attacks have become a major concern for Enterprises, and increasingly their Executive Officers. We’ll come back to Mr. Morris and his ‘Morris worm’.
Cyber Crime Never had a Heart
Cyber criminals have always been quick to take advantage of human catastrophes like the Ebola phishing email scam that surfaced shortly after the devastating 2014 outbreak in the Congo, or the cyberattacks in North Carolina during hurricane Florence in 2018.
COVID-19 is no exception.
Since the pandemic, there has been a dramatic increase in the number of cyberattacks as hackers take advantage of security weaknesses opened by a corporate world rushing to adapt to the new reality. A recent global survey of over 1,000 CXOs published by Asavie Global shows the main two cyber threats to North American respondents as: DDoS attacks (69%), and Data breaches (62%).
Holding Executives Accountable
In an effort to minimize the impact of data breaches and hold corporations accountable for their customers’ personal data, the EU first drafted the ‘Data Protection Directive’ on October 24, 1995, only three days after Marty McFly returned to the future in the iconic ‘Back to the Future’ movie – today, 25 years ago.
From the Chief Executive Officers’ personal perspective data breaches compromising private information of hundreds of millions of people have forced their resignation. Amongst the earliest high-profile resignations being Target’s CEO in 2014, then Ashley Madison’s CEO and Sony’s Co-Chair in 2015, and Equifax's CEO in 2017. Executives have also paid dearly for sophisticated phishing attacks that defrauded their company of millions of $, like the FACC (Boeing and Airbus supplier) CEO who subsequently resigned in 2016.
DDoS joins Data Breaches & Phishing Attacks to ‘Premier’ Cyber Attack League
DDoS attacks somehow, haven’t presented the same resignation trigger to company executives as data breaches & phishing attacks have. Up to now, that is, which brings us Back to the Future.
Since COVID-19 broke out there’s been a dramatic increase in both the number and sophistication of DDoS attacks. Especially with the share of stealthier multi-vectored application layer attacks that are wreaking havoc on enterprises and organizations from what seems like all walks of life. Compounding our vulnerability to DDoS attacks is our dependence on online availability and the expectations we’ve developed for immediate satisfaction, be it the news site we're loading, our e-commerce shopping cart, the online meeting we’re logging into or the stock exchange we’re trading on. DDoS attackers don't have to cause downtime for customers to drop, a few seconds of latency is enough, so much so that according to FastCompany up to 25% of users are expected to drop with as little as 4 seconds of latency.
The week of August 25th, 2020 saw what was probably one of the most high-profile & consequential DDoS attacks in history targeting the New Zealand stock exchange, NZX, taking its web services down, effectively neutralizing its operations for most of that week.
The CIO of NZX learnt with his resignation that DDoS attacks have become, like the 19th sequel to the ‘Jaws’ movie that Marty McFly returns to on October 21st, 1995 ‘Really, Really’ personal.
True, DDoS attacks have yet to claim their first CEO, but they have definitely started knocking on the door of high-profile resignations, posing a threat both to Enterprises and especially their accountable Executive Officers.
What came of Mr. Morris you ask? Robert Tappan Morris was tried and convicted for violating the Computer Fraud and Abuse Act and was eventually sentenced to three years' probation, 400 hours of community service, and a fine of $10,050. He is today a Professor at MIT, and last year was appointed as a Fellow of the US National Academy of Engineering.
MazeBolt is an innovation leader in cybersecurity and part of the DDoS mitigation space. Offering full DDoS risk detection and elimination and working with any mitigation system to provide end to end full coverage. Supporting organizations in avoiding downtime and closing DDoS vulnerabilities before an attack happens.