Hacking should be included in your disaster recovery plans as a potential risk for downtime
The revenue and reputation damages caused by a DoS outage for just a few hours can be astronomical
Published 11:24, 21 February 12
In the past, these groups operated on the fringe of the vast expanse known as the internet. Their names were known mostly amongst communities that were already interested in their antics. However, recent events such as the Occupy movement, the SOPA/PIPA debates, and the protests in the Middle East have dragged these groups into the limelight. Since then, their infamy has only grown: the combined Anonymous/LulzSec attack on Sony’s PlayStation Network in 2011, which cost Sony $171 million in lost revenue alone (with some estimates placing the cost at a staggering $24 billion); the recent takedowns of the Department of Justice (DOJ), CIA and FBI websites; the recent attack on the NASDAQ; and now the most recent threat from Anonymous to effectively disable the internet. Hacking is a very real, very present risk to consider. It is easy to simply dismiss these activities as random acts of tomfoolery, and even easier to assume that it will never happen to you, but that is a dangerous and potentially costly notion. In my most recent report, “Building The Always-On, Always-Available Extended Enterprise”, I discuss the cost of downtime and show how costly a website outage can be for just a couple of hours. Whether you run an eBusiness website or not, the revenue and reputation damages of an outage can be astronomical.
When dealing with disaster recovery, the most common causes of downtime are power outages, infrastructure failures, human error, and natural disasters. But suffering a denial of service (DoS) attack is generally not at the forefront of leaders’ minds. Whether it's an unintentional denial of service, like when Coca-Cola's and Acura's websites crashed during the Super Bowl due to the popularity of their commercials, or a distributed denial of service (DDoS) attack by hackers, the difficulty lies in predicting the occurrence of downtime and protecting yourself against it. As with any other disaster, it is important to have a disaster recovery plan in place in case such an event occurs. These types of plans should focus on communications to employees and customers, any potential workarounds, and methods to distribute additional information. You may never be able to prevent a DoS attack, but you can be ready if (or when) you are subjected to one.
By Rachel Dines, with contributions from Eric Chi