Planning for a DDoS Attack

By James Robinson ·

Last week several prominent DDoS (distributed denial of service) attacks were in the news, specifically targeting the popular note-taking app Evernote and the RSS reader Feedly. These attacks, along with others over the years, should serve as a call to attention that if an organization provides services to internet users, they must be prepared for a DDoS attack.

I speak with hundreds of CISOs a year, and most of them are not prepared in any way. The only ones that are prepared are those who have lived through a DDoS attack.

There are three things that your organization needs to consider when planning for a DDoS attack:

1. What is the value of your internet connections and the services provided by SaaS organizations? If your organization is a service provider, this is easy to calculate based on the transactions processed per second, minute, hour, day, etc. This is not as easy to calculate for services used by an organization such as Evernote. Sadly, most do not have a BIA/BCP (business impact analysis/business continuity planning) function to help with this calculation or identify services which are critical to an organization and wrap disaster recovery plans around them.

2. What defenses can your organization put in place? Again, this is easy if your organization is a service provider. However, we find more and more organizations are interested in trying to put some DDoS services in front of the SaaS they are leveraging to insulate themselves, or are reinvestigating their contracts and SLAs.

3. What does your incident response plan look like? Typically, incident response plans are good, but they are IT-centric and miss critical integrations with public affairs/media teams and legal. The best organizations have incident response plans and protection services they can leverage to ensure they are able to communicate with clients while a DDoS attack occurs.

Don’t wait until a DDoS attack strikes your organization. Be prepared with a plan to defend against the attack and lessen the impact to your company.


James Robinson

Vice President, Third-Party Risk Management

As vice president, third-party risk management, Robinson oversees Optiv’s Third-Party Risk Management practice which includes the development and operations of TPRM-as-a-Service and Evantix. During his tenure at Optiv, he has worked as a core contributor around strategic internal initiatives including threat management, risk management, third-party risk management, vulnerability management and data program protection. He also develops and delivers a comprehensive suite of strategic services and solutions that help chief experience officer (CXO) executives evolve their security strategies through innovation.