Ashley Stephenson , CTO , for Corero Network Security

Being in the security department isn ’ t easy . In fact , corporate security practitioners often find themselves in the unfortunate position of being critical to the survival of an organisation and yet seen as a necessary money drain or expense .

This conflict is often apparent when it comes to talking to executives . As the holders of the purse strings , they can grant or deny the budget that allows a security department to do its job well or constrains them to perform poorly . Understanding how to convince executives of the department ’ s relevance is one of a security professional ’ s key challenges in today ’ s enterprise .

Fortunately , things have gotten easier in recent years . Understanding a corporation ’ s dependence on reliable Internet connections along with the advent of headline-grabbing security breaches , and punishing regulatory compliance regimes have made executives more aware and more focused on cybersecurity .

However , it can still be difficult to win them over , especially when talking about some of the less understood threats – like DDoS .

Executive blindness to DDoS

Businesses are already convinced of the threat of ransomware , but have a harder time getting to grips with the unique risks of DDoS . Meanwhile , DDoS is becoming an ever more relevant security risk to businesses and increasingly threatens bottom lines and innovation within the enterprise .

Several trends have increased the gravity of DDoS attacks against business in recent years . The first is the interminable expansion of the digital enterprise . Technologies like the cloud , the IoT and mass remote working have fundamentally changed the shape of the enterprise network , expanding it beyond the reach of traditional DDoS defences and fracturing the attack surface . This has created a wide variety of exploitable attack vectors for which traditional security controls have not kept up .

FEATURE

The second is our ever-deepening reliance on cloud connectivity . When that connectivity is cut – enterprises that depend on connected computer systems and services become incapacitated .

Ransomware victims have experienced this first hand and many enterprises have been prepared to pay exorbitant ransoms in order to merely restore the operations of their businesses .

DDoS poses a similar threat . Enterprises rely on connectivity to a varied extent – and it makes perfect sense that DDoS gangs target sectors which are more reliant on constant connectivity as a core part of their business . Internet Service Providers ( ISPs ), cloud-hosting services , telecommunications companies , VoIP services and online video gaming companies have all drifted into the crosshairs of Ransom DDoS extortionists .

Getting through to the C-suite

It is this important point which executive boards must come to realise if they are to respond appropriately with adequate security budgets . The DDoS threats

49