CXO Insight ME - Security Insight - November 2022

RETHINKING SECURITY

The importance of cybersecurity in the digital era

ISSUE 03 | NOVEMBER 2022

THE NEW MANDATE FOR CYBERSECURITY

In many ways, 2022 was an annus horribilis for cybersecurity. The pandemic-induced digital transformation has expanded attack surfaces, and we have seen exponential growth in cyberattacks. In addition, bad actors have launched never-before-seen sophisticated attacks in the form of ransomware, business email compromise (BEC), DDoS and more. Though enterprises now have much-improved defense capabilities, many are still struggling to keep pace with the increasing number of cyber incidents. Exacerbating this problem further is the alarming shortage of cybersecurity resources and skills.

In this new era of digital transformation, enterprises must rethink their security strategies and see every dollar spent on cybersecurity as an investment. However, we may need more than advanced technologies to keep cybercriminals at bay; we need more industry collaboration and threat intelligence sharing to stay one step ahead. In this special supplement, we have featured security thought leaders with their tips to bolster your enterprise's cyber resilience, and we hope this can help you turn cybersecurity into a competitive advantage.

CONTENTS

03 Editor's Note
04 Fortinet
05 Fortra
06 Visiontech
08 Delinea
10 Mimecast
12 A10 Networks

FORTINET

Alain Penel, Regional VP Middle East & Turkey, Fortinet

Which are the biggest attack vectors to watch out for in the next 12 months?

We just unveiled the predictions from the FortiGuard Labs global threat intelligence and research team about the cyberthreat landscape for the next 12 months and beyond. As cybercrime converges with advanced persistent threat methods, cybercriminals are finding ways to weaponise new technologies at scale to enable more disruption and destruction.

What we've observed across the cyber landscape this year, and anticipate will continue in the future, is that threats of all kinds are becoming increasingly ubiquitous. From quickly evolving Cybercrime-as-a-Service (CaaS)-fuelled attacks to new exploits on non-traditional targets like edge devices or online worlds, the volume, variety, and scale of cyberthreats will keep security teams on high alert in 2023 and beyond.

What is the importance of zero trust network access?

As more organisations continue to support work-from-anywhere initiatives, the zero trust security model is top of mind. Securing highly distributed networks, particularly those filled with remote workers, dynamically changing environments, and IoT devices, begins with a zero trust approach. This means trusting nothing and no one while also assuming any user or device that seeks network access has already been compromised.

One of the most positive findings in the survey from Fortinet on the State of Zero Trust is that respondents believe in the zero-trust philosophy. Further, a majority reported that they have a zero-trust and/or zero-trust network access strategy in development or in place. In fact, 40% report that their strategy is fully implemented.

Organisations must implement both zero-trust access (ZTA) and zero-trust network access (ZTNA) to identify and classify all the users and devices that seek network and application access, assess their state of compliance with internal security policies, automatically assign them to zones of control, and continuously monitor them, both on and off the network. Overall, it's easier to use solutions and products that are integrated by design because they're simpler to deploy, configure, and maintain.

How can security leaders adapt to cloud?

There is no question that the cloud has utterly transformed how the world works. The challenge is not only that each cloud includes numerous solutions and services that need to be managed and secured, but that nearly every company on the planet is running multiple clouds.

In the 2022 Cloud Security Report from Fortinet and Cybersecurity Insiders, it appears that organisations are selecting either a hybrid-cloud (39%, up from 36% last year) or multi-cloud deployment approach (33%) to integrate multiple services, provide scalability, or ensure business continuity. On the other hand, not surprisingly, they face increased complexity and security challenges.

We recently introduced FortiCNP, a new cloud-native protection offering that works across Microsoft Azure, Google Cloud, and AWS cloud platforms.

What are some of the ways to reduce ransomware risk in 2023?

Ransomware remains a top threat and cyber adversaries continue to invest significant resources into new attack techniques.

Here are some of the best ways to detect and prevent the evolution of current ransomware attacks:

• Monitor your network and endpoints so you can log incoming and outgoing traffic, scan files for evidence of attack (such as failed modifications), establish a baseline for acceptable user activity, and then investigate anything that seems out of the ordinary.

• Augment your team by relying on a Managed Detection and Response (MDR) provider or a SOC-as-a-service offering. Augmenting your team in this way can help to eliminate noise and free up your analysts to focus on their most important tasks.

• Educate your employees: teach them how to spot signs of ransomware, such as emails designed to look like they are from authentic businesses, suspicious external links, and questionable file attachments.

• Lure attackers: cyber deception technology uses ransomware's own techniques and tactics against it to trigger detection and uncover the attacker's tactics, tools, and procedures (TTPs) that led to its successful foothold in the network, so your team can identify and close those security gaps.
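The first of the ransomware tips above, establishing a baseline for acceptable activity and then investigating deviations, is the step teams most often leave vague. The following is an added example, not Fortinet's code or tooling: it learns a per-host baseline of file modifications per minute from a quiet period of constructed endpoint events in a hypothetical log format, then flags later minutes whose modification count exceeds the baseline by k standard deviations and records renames to extensions the host has never produced before. The log format, host names, file paths, cutoff time and thresholds are all assumptions made for the illustration.

```python
"""Baseline-and-deviation detection over endpoint file-event logs.
Added example, not Fortinet's code. Assumes a constructed, hypothetical log format:
    <ISO-8601 UTC timestamp> host=<name> user=<name> op=<write|rename|delete> path=<path>
"""
import re
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) op=(?P<op>\S+) path=(?P<path>\S+)$")
CUTOFF = datetime(2022, 11, 7, 9, 5, tzinfo=timezone.utc)  # end of the learning period (assumed)


def parse_events(text):
    """Parse log lines into event dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        name = m["path"].rsplit("/", 1)[-1]
        ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
        events.append({"ts": ts, "host": m["host"], "op": m["op"], "path": m["path"], "ext": ext})
    return events


def learn_baseline(events, cutoff):
    """Per-host profile from events before cutoff: mean/stdev of modifications (writes and
    renames) per active minute, plus the extensions the host normally produces. Idle minutes
    are not counted, which biases the baseline upward (fewer alerts)."""
    per_minute, exts = defaultdict(lambda: defaultdict(int)), defaultdict(set)
    for e in events:
        if e["ts"] >= cutoff or e["op"] not in ("write", "rename"):
            continue
        per_minute[e["host"]][e["ts"].replace(second=0, microsecond=0)] += 1
        exts[e["host"]].add(e["ext"])
    profile = {}
    for host, buckets in per_minute.items():
        counts = list(buckets.values())
        profile[host] = {"mean": mean(counts), "stdev": pstdev(counts) if len(counts) > 1 else 0.0,
                         "exts": exts[host]}
    return profile


def detect(events, profile, cutoff, k=3.0, min_burst=20):
    """Flag minutes after cutoff in which a host modified more files than mean + k*stdev of its
    baseline (floored at min_burst so a near-silent baseline does not alert on two writes), and
    report renames to extensions that host never produced during the learning period."""
    per_minute, new_exts = defaultdict(lambda: defaultdict(int)), defaultdict(set)
    for e in events:
        if e["ts"] < cutoff or e["op"] not in ("write", "rename"):
            continue
        per_minute[e["host"]][e["ts"].replace(second=0, microsecond=0)] += 1
        if e["op"] == "rename" and e["ext"] and e["ext"] not in profile.get(e["host"], {}).get("exts", set()):
            new_exts[e["host"]].add(e["ext"])
    alerts = []
    for host, buckets in per_minute.items():
        p = profile.get(host)
        threshold = max(p["mean"] + k * p["stdev"] if p else 0.0, min_burst)
        for minute, n in sorted(buckets.items()):
            if n > threshold:
                alerts.append({"host": host, "minute": minute.isoformat(), "count": n,
                               "threshold": threshold, "new_extensions": sorted(new_exts[host])})
    return alerts


def build_sample_log():
    """Constructed sample, not real telemetry: five quiet minutes on two hosts, then at 09:10
    ws-17 renames 30 documents to a never-seen extension while ws-22 keeps working normally."""
    lines = []

    def add(minute, second, host, user, op, path):
        lines.append(f"2022-11-07T09:{minute:02d}:{second:02d}Z host={host} user={user} op={op} path={path}")

    for minute, n in enumerate([3, 2, 4, 3, 3]):
        for i in range(n):
            add(minute, 5 + i, "ws-17", "alice", "write", f"/home/alice/docs/report{i}.docx")
    for minute in (0, 1, 2, 3, 4, 10, 11):
        for i in range(2):
            add(minute, 10 + i, "ws-22", "bob", "write", f"/home/bob/sheets/budget{i}.xlsx")
    for i in range(30):
        add(10, i, "ws-17", "alice", "rename", f"/home/alice/docs/report{i}.docx.locked")
    return "\n".join(lines)


def run_demo():
    events = parse_events(build_sample_log())
    profile = learn_baseline(events, CUTOFF)
    return {"profile": profile, "alerts": detect(events, profile, CUTOFF)}


if __name__ == "__main__":
    for alert in run_demo()["alerts"]:
        print(alert)
```

The `min_burst` floor matters more than it looks: a host with a flat baseline has a standard deviation of zero, and without the floor any second write in a minute would alert. Both knobs need tuning per environment, and in practice this rate signal should be joined with the "failed modifications" the bullet mentions (access-denied or integrity-check failures), which this constructed log does not carry.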

FORTRA

John Grancarich, Executive Vice President Product & Growth Strategy at Fortra

What are the biggest attack vectors we need to watch out for in 2023?

Phishing and credential theft will likely remain at the top of the list for 2023, and with good reason: they're an effective strategy where the odds are stacked in an attacker's favor. Think about it: an organisation needs to be right 100% of the time, while the attacker only needs to be right once. Who's likely to come out on top? The attacker, of course, unless an organisation doubles down on mitigation from both a solutions and a training perspective.

Something else to keep in mind is that these attack vectors, due to their success, are coming in ever greater varieties to further improve an attacker's chances of success. Just look at how phishing has evolved: we now have spear phishing, smishing, and vishing, among others. In the wrong hands, these vectors open opportunities to launch business email compromise attacks, supply chain and partner attacks, and of course ransomware attacks, which we believe now affect upwards of 90% of organisations at one time or another.

What are your tips for CISOs to build cyber resilience?

I speak with CISOs and their teams regularly and have noticed a somewhat troubling trend: many are not quite sure where to focus their time and resources to build organisational resilience. When we dig deeper, there is an interesting root cause we often hear, which is that organisations are trying to treat all assets equally from a defense perspective. However, given the incredibly dynamic nature of the threat landscape, this is going to be all but impossible to do.

I think the way to start solving that problem is decidedly old school but, in my experience, quite effective: the business, IT, and security leaders need to come together and have a conversation to define what is actually most important to protect. It could be your intellectual property, your financial data, or something similarly critical, but you need to know what it is, where it is and how to protect it. Despite the hype and confusion, in my view, this is where zero-trust architecture comes in. By starting out focused and not trying to boil the proverbial ocean, you can prioritise this architecture around your most valuable assets and then proceed methodically from there.

Why is security automation important?

We have over 3 million open cybersecurity jobs around the world, and these are difficult jobs to train and prepare for: you can't just drop someone into a security operations role and task them with protecting your organisation against attacks. Anyone who's tried to hire just one developer or IT professional knows how hard it is, and yet we're somehow going to hire millions of new cybersecurity professionals? It's not going to happen, and we need to rethink the problem and how we're going to solve it.

Every industry is ultimately revolutionised by automation when demand for output outstrips the supply of skilled labor. Cybersecurity today is no different. We have too many vendors, too many products, and too many alerts, which creates an unsustainable signal-to-noise ratio. We have frustrated and burnt-out cybersecurity professionals who were promised a balance of professional challenges and growth, but in reality find themselves facing challenges of a very different and undesirable nature. And this is where automation will play a key role in maturing the cybersecurity industry over the next several years. We can use it to amplify what a single professional can accomplish by taking on the routine, repetitive, and high-volume work that weighs them down, freeing them up to focus on more rewarding and higher-value work like security architecture, research, and strategy.

How can regional enterprises protect against ransomware attacks?

Something we need to keep in mind is that ransomware is the output of a successfully exploited attack vector, whether that be credential theft, phishing, exploiting a vulnerability, or something else. The better an enterprise does at monitoring, protecting, and evolving how it protects against the attack vectors, the more successful it will be. So how do you do this?

A key strategy is ongoing testing. Regularly utilising a testing strategy that encompasses automated and non-automated tools is going to yield insights about an enterprise's security posture that will likely come as a surprise. By combining both automated and non-automated testing, from vulnerability assessment and management to penetration testing and red teaming, an enterprise will develop a valuable view of where it is most resilient and where it is not. It can then prioritise where it focuses its remediation efforts and resources to yield the most benefit for the organisation.

VISIONTECH

Murtuza Pitolwala, Chief Operating Officer and Co-Founder, Visiontech Systems

Which are some of the most significant threat vectors to watch out for in the next 12 months?

Cyber threats are evolving with time, becoming more prevalent and increasingly sophisticated. Recently, Gartner predicted a threefold increase in the number of cybersecurity attacks on organizations by 2025, compared to 2021. The cyber threats that are prevailing and will stay with us for the next 12 months are:

Ransomware: As per a 2021 survey of 1,200-plus cybersecurity professionals, 66% of companies suffered significant revenue loss due to a ransomware attack. With time, ransomware has become more sophisticated, widely available, and convenient for hackers.

Social engineering attacks: Social engineering remains one of the most dangerous hacking techniques cybercriminals use, as it mainly relies on human error rather than technical vulnerabilities. Verizon's Data Breach Investigations Report shows 85% of all data breaches involve human interaction.

Mobile security attacks: A larger population of users presents a larger target for cybercriminals. Due to the increase in remote work, mobile device vulnerabilities have been aggravated, which has led to an increase in companies implementing bring-your-own-device policies. A recent Mobile Security Report shows 46% of companies experienced a security incident involving a malicious mobile application downloaded by an employee.

Cloud security threats: Cloud security is a shared responsibility of the service providers and the users. Hence it is more important to have skilled people inside your organization who can handle cloud security threats and preventive measures to secure against any possible leakage on the cloud.

Poor Data Management: The amount of data consumers create doubles every four years, but more than half of that new data is never used or analyzed. Piles of surplus data lead to confusion, leaving data vulnerable to cyber-attacks. Data management is more than just keeping your storage and organization systems uncluttered. Breaches caused by the mishandling of data can be just as costly as higher-tech cybersecurity attacks.

Poor Cyber Hygiene: "Cyber hygiene" refers to regular habits and practices regarding technology use. Companies and individuals that don't improve their cyber practices are at much greater risk now than before. Due to the increase in remote work in the last few years, systems have become more vulnerable than ever. There are certain things that we should be aware of while managing cyber hygiene for our organization: say no to weak passwords, implement 2-factor authentication, change your passwords at proper intervals, don't share your passwords, and implement Identity and Access Management (IAM) and Privileged Access Management (PAM) to manage critical business information.

Configuration Mistakes: In a series of 268 trials by Gartner, 80% of external penetration tests encountered an exploitable misconfiguration. These are mostly human errors, so it becomes more important for us to have the right and skilled talent to save us from such mistakes and to educate our clients and employees about cyber threats.

What is the future of zero trust security?

Zero trust security aims to protect organizations from advanced threats and data breaches, thereby giving organizations a framework to achieve compliance with FISMA, HIPAA, GDPR, CCPA, and other core data privacy or security laws.

New developments in cloud security include adopting "Zero Trust" architecture, making ZTNA the future of enterprise security. Furthermore, it supports the mutual needs of businesses and their employees for the present and future hybrid world of work.

What are your tips to reduce ransomware risks in 2023?

There are three essential cybersecurity practices to mitigate ransomware risks. It starts with visibility of the IT environment, gathering data from multiple systems into one location to improve correlation and analysis. This should be followed by implementing controls for ransomware, including proactive technologies to monitor applications, frequent file backups, anti-malware software, and user awareness training to limit the chance attackers will be successful.

You should also encrypt sensitive files, which helps to prevent attackers from gaining access to that information.

DELINEA

Joseph Carson, Chief Security Scientist and Advisory CISO, Delinea

The year drawing to a close has shown that cybersecurity continues to be a major challenge for many governments, organisations, and citizens around the world, as they step up their efforts to protect businesses and mitigate risks from malicious attackers.

The reality check is that cyber threats are increasing at the same time as many businesses are becoming entirely dependent on digital services, with cybercriminals vigorously looking for ways to gain remote access, steal credentials, elevate privileges, and exfiltrate sensitive data that could bring a business to a complete stop and result in significant financial costs.

Cyberthreats affect not only businesses but all of us, since the digital world is an integral part of our daily lives, and we spend a considerable amount of time online working, shopping, connecting with friends and so forth.

Looking back on this past year's developments, I have identified these Top 5 Cybersecurity Trends.

Top 5 Cybersecurity Trends in 2022

1 Information Wars and Algorithmic Social Bubbles

With so many geopolitical tensions and conflicts happening in the world, we have seen a major increase in Information Wars, which have become a vital factor in how we see and believe in what is our version of reality.

At the same time, algorithms are determining not only what data appears in our social feeds but also who we are connected to, and in doing so are reinforcing our beliefs, whether they are true or fake. Algorithms are often shaping our lives more than our education, and this is becoming very scary. As we look through our social feeds, we only see what the algorithms want us to see to power our dopamine needs.

The reality is that we are now living in an era of Information Warfare where our digital society is overlapping with the real world.

2 Cyber Fatigue – Bypass MFA and Social Engineering

Cybercriminals are always looking for the easiest ways to access an organisation's network or systems. They continue to look for the quickest and cheapest path that allows them to stay hidden under the disguise of an authorised employee.

Social engineering has been on the rise for the past ten years, but in 2022 it went to a whole new level. In response, more organisations have strengthened their security controls by adopting two-factor (2FA) and multi-factor authentication (MFA) to reduce the risks associated with employees continuing to choose weak or reused passwords.

However, following this increase in security controls, attackers have adapted their techniques, looking for ways to bypass these additional security challenges through social engineering and cyber fatigue. This should be a reminder to organisations and businesses that not all 2FA and MFA are equal.

Additionally, they need to find the right balance between security and productivity to reduce the risks of cyber fatigue, which can increase the chances of social engineering techniques being successful.

3 The Hybrid Workforce and Bring Your Own Office (BYOO)

As a result of COVID-19, in the past few years, we have experienced the explosion of remote working which has also accelerated digital transformation to cloud services for many organisations. The post-pandemic reality is that we now have a modern hybrid workforce.

The new working norm is that employees only go into the office about 3 out of 5 days of the week, if at all. This has resulted in employees’ homes becoming an extension of the workplace and introducing the evolution from Bring Your Own Device (BYOD) to employees needing to Bring Your Own Office (BYOO).

4 The Rise of Cyber Insurance

Business leaders are looking to mitigate the risks from cyberattacks and ransomware, which had devastating consequences for many, both in terms of business availability and financial stability. The need to reduce the financial burden of cyberattacks has seen many business leaders look to cyber insurance as a safety net, making it a de facto mandatory requirement for business resilience and continuity.

A recent survey report from Delinea revealed that 33% of IT decision-makers applied for cyber insurance due to requirements from Boards and Executive Management. Furthermore, their policies are getting a workout – almost 80% said they have had to use their cyber insurance, and over half of them said they’ve used it more than once.

As a result of cyber insurance policies being used and, ultimately, many businesses needing them, the cost of cyber insurance is continuing to rise at alarming rates.

5 Deep Fakes – Can you spot the difference?

The advancements made in the quality of deep fakes in 2022 are scary to the point that with only a few images and audio clips available on the internet, an attacker can become a digital version of you.

We have seen many deep fakes circulating on social media that make identifying the real original version almost impossible without technology assisting in analysing the bits. We now must become aware that any digital video or audio must be validated for authenticity.

Top 3 Cyber Resolutions for 2023

While cybersecurity threats can appear overwhelming, we can nevertheless make it harder for malicious attackers to disrupt our lives. As we start the new year, take some time to make some changes to your cyber hygiene and increase your security posture.

1 Renew your password experience – reward yourself with a Password Manager

Creating and remembering new passwords is a pain that no one needs to endure. Starting from January, let's stop reusing passwords and let a password manager do all the work for you in the background. It will help generate a complex, strong password for each credential and remember it for you. Some tools can also alert you if any of your passwords might have been compromised in one of the many data breaches happening all the time.

2 Turn on MFA – More than Just a Password

Let's not leave passwords to be the only protection for your credentials. For at least one of your most important accounts, try enabling multifactor authentication. Once you get past the first time you will find it much easier to enable MFA for more accounts. This will help reduce the risk of attackers gaining access to your accounts.

3 Audit Yourself – Assess Your Security

Take a moment to check your audit logs and look for suspicious activity, such as any failed login attempts from suspicious locations or devices. If you find unknown or old devices you are no longer using, make sure to revoke access or update your passwords.


MIMECAST

Duane Nicol, Senior Product Manager for Awareness Training at Mimecast

Following years of pandemic-induced economic pressure, economies across the Middle East are eyeing a welcome return to normal. With White Friday and the end-of-year Dubai Shopping Festival on the horizon, and a hotly anticipated FIFA World Cup in Qatar having kicked off, the region is set to be a hub of activity and tourism over the coming months.

The region's retail sector is also powering ahead: the UAE's e-commerce market alone is expected to reach $8 billion by 2025, with the retail mobile-commerce market projected to grow at 19% CAGR. McKinsey data found that the number of people in the UAE and Saudi Arabia shopping online on a weekly basis has doubled in two years.

This has not escaped the notice of cybercriminals, who are almost certain to attempt to spoil the party for Middle East consumers. In fact, attacks are projected to become more prolific in the weeks and months ahead as cybercriminals prey on shoppers with a range of attack methods.

In Mimecast's latest State of Ransomware Readiness 2 report, 59% of cybersecurity leaders in the UAE reported that the volume of cyberattacks has held firm or even increased over the past year. The State of Email Security 2022 report also found that 90% of organisations in Saudi Arabia have been the target of an email-related phishing attempt in the past year.

Cybercriminals refine and enhance attack methods

The increase in cyber threats is in part being driven by greater digitisation of various aspects of our personal and professional lives, creating valuable sources of information for threat actors as well as potential areas of weakness to exploit.

When the first lockdowns were implemented in early 2020, many office workers were forced to work remotely, a situation that has continued despite lockdown restrictions lifting. While this has undeniable benefits to workers, it has created a security nightmare for many organisations.

With employees working outside the confines of corporate security structures and often under immense pressure, cybercriminals have capitalised by aggressively exploiting the vulnerabilities that come with remote work.

Cybercriminals are also becoming increasingly adept at social engineering at scale. To illustrate, instead of targeting a person with a phishing attack, they seek to understand what their target’s persona represents – for example, a young male that enjoys outdoor sports and activities – and then purchase a mailing list with those interests. This allows them to craft more attractive phishing mails that have a far higher chance at success.

The amount of publicly available personal information on social media is also giving threat actors valuable data to use in the crafting of their attacks. An attacker could type the name of a potential target on Google, which may bring up their Facebook profile and, in the case of outdoor enthusiasts, their Strava profile. From this they can see the types of activities they engage in, where they train, how often, and more.

From here it's a simple matter of constructing a mailer with the right offer. For example, if the target is an avid cyclist, the attacker could develop a mailer that offers a substantial discount on a bike of the same brand that the person has put on their Facebook profile. This can increase the hit rate of their attacks from around 2% (for untargeted attacks) to as much as 20%.

In another example, a cybercriminal could infiltrate the mail server of a private school and send parents personalised emails asking for a meeting regarding their child. In a cruel twist, the cybercriminal may attach a malicious file and tell parents that it relates to the discussion they’d like to have about their child’s performance at the school.

Such an attack would likely seem so legitimate and convincing that most parents would open the attachment without a second’s hesitation. This may leave them exposed to further infiltration and potential financial losses as the cybercriminal uses their newfound access to infiltrate the victim’s banking profiles.

Knowledge and awareness are the greatest weapon against cyberattacks

In light of such high levels of danger, what can be done to safeguard Middle Eastern organisations and citizens from cybercrime?

The first step is to build greater cyber resilience at a national, provincial and local level by investing in appropriate cybersecurity and continuity solutions. A multi-layered cyber resilience strategy that protects people from cyber threats is vital in the fight against cybercrime.

The Dubai Cyber Security Strategy, introduced in 2017, plays a vital role in strengthening cyber resilience in the UAE. The recently launched CyberIC program in Saudi Arabia will develop the domestic cybersecurity sector with the aim of developing more than 10,000 skilled cybersecurity professionals over the next few years, boosting regional cyber defences.

Secondly, it is critical that information about likely attack methods and cyber risks reach every citizen. Everyone needs to join forces, from big business to government departments and even celebrities, to help raise the general level of cyber awareness among the broader population.

Businesses could contribute by sponsoring programmes and internships for cybercrime skills development, which has the dual benefit of improving the region’s defences against cyberattacks as well as improving the region’s global competitiveness at a time when the global cyber skills shortage is intensifying.

Universities can host regular guest lectures and information sessions by cybersecurity specialists to teach students about cyber safety and prepare them for the risks they’ll face.

Organisations in the private and public sectors should continuously train employees to become more cyber aware. Government departments can apply some of the learnings from the pandemic and roll out ongoing national cyber awareness campaigns that teach citizens about basic cyber safety.

Finally, a culture of community defence should be established that encourages victims of cybercrime to report cyberattacks. This can drive greater awareness of emerging cyber risks while also giving authorities valuable information about new attack methods that may aid their quest to bring perpetrators of cybercrime to justice.


A10 NETWORKS

Amr Alashaal, Regional Vice President - Middle East at A10 Networks

Distributed Denial of Service (DDoS) attacks have become an ongoing threat for organisations. Using a variety of techniques, a wide range of threat actors, from lone hackers, criminal gangs and hacktivists to nation-states, are using DDoS attacks to disrupt or disable the performance of target systems. These targets can be small or large businesses, internet service providers, manufacturers, retailers, healthcare providers, schools and universities, or other nation-states. Essentially, any entity with an online presence can become a DDoS target.

Why do people build botnets? There are three main reasons: for financial gain by extortion ('pay up or we keep attacking'); to make a point ('stop, or start, doing something or we continue'); or, in the case of nation-state actors, as an espionage or cyber warfare tactic.

This article will analyse how botnet and DDoS attacks work, and the most common mechanism for delivering attacks using collections of remotely controlled, compromised services or devices.

What is a Botnet?

The bots that make up a botnet can include computers, smartphones, virtualised machines, and a wide range of Internet of Things (IoT) devices such as IP cameras, smart TVs, routers, and even children's toys: in short, anything with an internet connection. In particular, IoT vulnerabilities and misconfigurations are extremely common in the consumer market, making IoT botnets, which can comprise millions of hijacked devices, very easy for hackers to create.

Despite the warnings about IoT vulnerabilities and well-understood fixes to improve their security, basic defences such as requiring effective passwords and not allowing default logins are still ignored. Vendors failing to provide updates to address security problems, or device owners failing to apply updates, also create another source of IoT vulnerabilities.

Hijacking devices for a botnet involves identifying devices with security vulnerabilities that allow them to be infected with "botware". But these infected devices are just the first step. There seems to be confusion about what constitutes a botnet. While the most obvious part of a botnet is the collection of devices it includes, the defining component is the existence of a command and control (C&C) system that controls what the network of bots does. By communicating with the botnet C&C system through the newly installed botware, the compromised devices form a network of bots. These bots are then controlled by commands sent from a "botmaster" or "botherder".

What Do Botnets Do?

Botnets are used for four main purposes and, generally, a botnet can be switched as a whole or in parts between any of these functions.

1 Spam and Phishing

Bots enable spammers to avoid the problem of their own IP addresses getting blacklisted and, even if some bots get blacklisted, they can create thousands of backup IPs to use. Targeted botnet spam is used for phishing for identity theft. By generating huge amounts of spam email messages inviting recipients to visit promotional websites, websites impersonating banks and other financial institutions, and fake competitions, scammers try to harvest personal information such as bank account details, credit card data, and website logins.

2 Pay-per-Click Fraud

To increase website advertising revenues, botnets are used to hijack the pay-per-click advertising model by faking user interaction. Because of the distributed nature of the click sources, it's hard for advertising networks to identify click fraud.

3 Cryptomining

An IoT botnet is the perfect platform for cryptomining. By running the algorithms that mine cryptocurrencies on tens of thousands of bots, hackers steal computer power from the device owners, creating significant revenue without the usual costs of mining, like electricity.

4 DDoS Attacks-as-a-Service

DDoS attacks are easily launched using botnets and, as with botnet-generated spam, the bots’ distributed nature makes it difficult for organisations to filter out DDoS traffic. Botnets can execute any kind of DDoS attack and even launch multiple attack types simultaneously.

A relatively new hacker business is DDoS-as-a-Service. On certain websites across both the Dark Web and regular web, individuals can buy DDoS attacks for as little as $5 per hour, with price scaling based on the attack’s scale and duration.

Botnet Command and Control

The latest botnet command and control communications are based on peer-to-peer (P2P) connections. In this model, compromised devices discover each other by scanning IP address ranges for specific port and protocol services and sharing lists of known peers and commands with any identified botnet members. This type of highly distributed mesh networking is more complicated to create but also much harder to disrupt.
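Those peer-discovery scans leave a recognisable trace in flow telemetry: one source touching many consecutive addresses on a single port and protocol inside a short window, most of which never answer. The following added example is not A10's code or product; it scores constructed flow records in a hypothetical one-line-per-flow format for exactly that pattern. The record format, the addresses, the choice of tcp/23 for the sweep and every threshold are assumptions made for the illustration.

```python
"""Detect botnet peer-discovery sweeps in flow records.
Added example, not A10 Networks' code. Assumes a constructed flow format, one flow per line:
    <epoch seconds> <src ip> <dst ip> <tcp|udp> <dst port> <ok|noreply>
where "noreply" marks a connection attempt that got no answer from the destination.
"""
import re
from collections import defaultdict
from ipaddress import ip_address

FLOW_RE = re.compile(
    r"^(?P<ts>\d+) (?P<src>\S+) (?P<dst>\S+) (?P<proto>tcp|udp) (?P<dport>\d+) (?P<state>ok|noreply)$"
)


def parse_flows(text):
    """Parse flow lines; malformed lines are skipped rather than aborting the run."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            flows.append({"ts": int(m["ts"]), "src": m["src"], "dst": m["dst"],
                          "proto": m["proto"], "dport": int(m["dport"]), "state": m["state"]})
    return flows


def detect_peer_sweeps(flows, window=60, min_targets=16, min_noreply=0.7, min_adjacent=0.5):
    """Flag (src, proto, dport) groups that, within one fixed window, contact many distinct
    hosts, mostly without reply, with the targets clustered in contiguous address runs:
    the shape of a range sweep rather than of ordinary client traffic."""
    groups = defaultdict(list)
    for f in flows:
        groups[(f["src"], f["proto"], f["dport"], f["ts"] // window)].append(f)

    alerts = []
    for (src, proto, dport, bucket), items in sorted(groups.items()):
        targets = {int(ip_address(f["dst"])) for f in items}
        if len(targets) < min_targets:
            continue
        noreply_ratio = sum(f["state"] == "noreply" for f in items) / len(items)
        # share of targets whose numeric neighbour (+1 or -1) was also probed
        adjacent_ratio = sum((t - 1 in targets) or (t + 1 in targets) for t in targets) / len(targets)
        if noreply_ratio >= min_noreply and adjacent_ratio >= min_adjacent:
            alerts.append({"src": src, "proto": proto, "dport": dport,
                           "window_start": bucket * window, "targets": len(targets),
                           "noreply_ratio": noreply_ratio, "adjacent_ratio": adjacent_ratio,
                           "first_target": str(ip_address(min(targets))),
                           "last_target": str(ip_address(max(targets)))})
    return alerts


def build_sample_flows():
    """Constructed sample, not captured traffic: one compromised device sweeping part of a /24
    on tcp/23 (40 probes, only 3 answered) and one workstation browsing 20 scattered hosts
    on tcp/443 with every connection answered."""
    base = 1667811600  # 2022-11-07 09:00:00 UTC
    lines = []
    for i in range(1, 41):
        state = "ok" if i in (7, 19, 33) else "noreply"
        lines.append(f"{base + i} 192.168.1.50 10.0.5.{i} tcp 23 {state}")
    for i in range(20):
        lines.append(f"{base + 2 * i} 192.168.1.20 203.0.113.{(i * 37) % 251 + 1} tcp 443 ok")
    return "\n".join(lines)


def run_demo():
    return detect_peer_sweeps(parse_flows(build_sample_flows()))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Legitimate vulnerability scanners and monitoring probes produce the same shape, so in production the detector needs an allow-list of known scanners, and the thresholds should come from your own baseline of distinct destinations per source. A flagged source is a candidate for isolation and for a look at its firmware version and credentials, which ties back to the default-login problem described earlier in this article.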

The Future of Botnet and DDoS Attacks and How to Respond

Botnets are here to stay. Given the exponential growth of poorly-secured IoT devices that can be co-opted into an IoT botnet, as well as the growing population of vulnerable computers, botnet attacks have become endemic. As a cyber-warfare tool, botnet and DDoS attacks have been observed in use in the Russia/Ukraine conflict.

All IT teams should prepare to deal with a botnet and DDoS attack. The first step is to realise that no online property or service is too big, or too small, to be attacked.

Secondly, organisations should plan for increased bandwidth, ideally on an as-needed basis. The ability to scale up an internet connection will make it harder for a botnet and DDoS attack to saturate access and isolate an organisation from the internet. This elastic provisioning strategy also applies to the adoption of cloud services, rather than relying on on-premises or single data centre services.

Thirdly, organisations should consider using or expanding their content delivery network (CDN) to increase client-side delivery bandwidth. The use of multiple CDNs also increases resilience to DDoS attacks.

Finally, businesses should strengthen everything. Strategically deploying hardware and software DDoS mitigation services throughout organisational infrastructure is key to reducing the potential impact of a botnet and DDoS attack.

