by. Robin Remines
As with any sort of threat, preparation is key to survival and DDoS is no exception. Unlike natural threats such as hurricanes and blizzards, DDoS attacks can happen at any time. There isn’t a cyber-crime season to speak of and only on rare occasions do activists announce their intentions! As a potential target of a DDoS attack, you need to be ready. We’ve compiled a list of best practices for preparing in advance and responding when you’re hit with a DDoS attack.
1) Conduct a DDoS Risk Assessment – In order to determine your mitigation strategy you’ll have to understand your risk. The risk assessment should identify your most likely targets and help establish the impact an attack would have on your credit union. Would you have a large financial loss if attacked? Reputational damage if online banking were disrupted?
- Be sure to include a list of all web services along with clear and up-to-date documentation
- Inventory your Internet dependent processes and test the RTO/RPO against your current DDoS recoverability.
2) Develop a DDoS action plan that covers preparation/prevention, response and post-event analysis. Your plan should include detailed technical strategies, communications scripts and security tactics to be taken during all phases.
- If you found gaps between your RTO/RPO during your risk assessment, now is the time to fix them or document why you chose not to. Remember, a decision is a decision even if it is to ignore the risk.