Right now, the internet probably seems like the Wild West. Hackers are roaming around, seemingly attacking websites on a whim. Most recently, groups like Anonymous, the Jester, and Lulz Security (LulzSec – now supposedly disbanded) have been attacking and successfully taking down websites of all types. Government or corporate, public or private, anybody, it seems, can be a target for these attacks. Their reasons for attacking a site range from political statement to simply the fun of it, but whether the attackers are hacktivists or black hat troublemakers, the end result is the same: hacking is now a real cause of downtime.
In the past, these groups operated on the fringe of the vast expanse known as the internet. Their names were known mostly amongst communities that were already interested in their antics. However, recent events such as the Occupy movement, the SOPA/PIPA debates, and the protests in the Middle East have dragged these groups into the limelight. Since then, their infamy has only grown with the combined Anonymous/LulzSec attack on Sony’s PlayStation Network in 2011, which cost Sony $171 million in lost revenue alone (with some estimates placing the cost at a staggering $24 billion), the recent takedowns of the Department of Justice (DOJ), CIA and FBI websites, the recent attack on the NASDAQ, and now the most recent threat from Anonymous to effectively disable the internet. Hacking is a very real, very present risk to consider. It is easy to simply dismiss these activities as random acts of tomfoolery, and even easier to assume that it will never happen to you, but that is a dangerous and potentially costly notion. In my most recent report, “Building The Always-On, Always-Available Extended Enterprise”, I discuss the cost of downtime and show how costly a website outage can be for just a couple of hours. Whether you run an eBusiness website or not, the revenue and reputation damages of an outage can be astronomical.
When dealing with disaster recovery, the most common causes of downtime are power outages, infrastructure failures, human error, and natural disasters. But suffering a denial of service (DoS) attack is generally not at the forefront of leaders’ minds. Whether it's an unintentional denial of service, like when Coca-Cola and Acura's websites crashed during the Super Bowl due to the popularity of their commercials, or a distributed denial of service attack by hackers, the difficulty is predicting the occurrence of, and protecting yourself against, downtime. As with any other disaster, it is important to have a disaster recovery plan in place in case such an event occurs. These types of plans should focus on communications to employees and customers and any potential workarounds and methods to distribute additional information. You may never be able to prevent a DoS attack, but you can be ready if (or when) you are subjected to one.
[With contributions from Eric Chi]