DDoS Cyberattacks: The Digital Bullying We Can Fight Together

As we have seen in recent months and years, the threat of cyberattacks remains present and just a part of the digital landscape. DDoS cyberattacks are disturbingly similar to traditional bullying; both exploit vulnerabilities, target the weak and aim to disrupt and harm communities.

Just as bullies exploit the weak, cyber attackers look for gaps in security posture. Once they find a vulnerability, they relentlessly target it until they achieve their goal and gain the attention their underlying mission requires.

As attackers exploit weaknesses, proactive defences are an essential area of focus. Similar to how individuals can strengthen themselves to resist bullying through personal development and assertiveness, organisations must continuously invest in robust cybersecurity measures, including but not limited to regular security information, audits, employee training, and implementing advanced security solutions.?

However, collective action is the most effective approach to combating bullying and DDoS attacks. In the face of bullying, individuals demonstrate strength and resilience together. Similarly, collaboration among organisations, information sharing, and coordinated responses are crucial in thwarting DDoS attacks in the digital realm.

Organisations like the National Security Cyber Security Centre (NS-CERT) and the Financial Information Sharing and Analysis Center (FI-ISAC) are vital in facilitating this collective defence. By sharing threat intelligence, best practices, and incident response strategies, these organisations empower organisations to protect themselves against cyber threats better.

The bullies want the egos within organisations to maintain a veil of secrecy. Security teams' failure to share and collaborate with communities or organisations plays into the hands of cyber attackers. Every conversation within your organisation, across your industry, or with security services can contain important learnings or reinforce the steps required to progress the organisation's or community's defences.

I can hear the inner voices of the security professionals shouting, "No, If we communicate our weaknesses, then that feeds more cyber attacks on our organisations or communities" The balance of sharing in circles when you have weaknesses is still essential. Taking the steps to not act as a victim and building a plan through the learnings you gain across this collaborative approach can only strengthen your organisation and community. The point is that these circles need to be broader than the security groups under attack. Acting like you have nothing to learn from others can be your downfall.

To the rest of your organisation, it is sometimes seen that cyber attacks' bullying focuses on the security team; the broader organisation watches and waits for the security team to deal with the bullying. In this vein of standing up, the whole organisation needs to help. The key is making security improvements easy to address and friction-free. In many places, the approach is for the security team to take on the role of bully, Pointing fingers at the rest of the organisation for not addressing security issues. The emails, scorecards and escalations turn into an internal form of bullying. Picking on the weaker members of your group, using embarrassment and finger-pointing when the actions to resolve our complex have unclear actions or, even worse, nowhere to go for assistance. If your organisation has weaponised security against the rest of the organisation, step in as a leader and steer & support embracing security as a joint mission across all technology. Removing the security team culture as a separate secret unit and folding it into the responsibility of all the technology units. Turn to celebrate and give within an organisation the positive steps to secure the technology, processes, and people; this needs support with clear steps and automation to make the resolution easy. The collective action is to make it easy to understand, act, and provide support to resolve security aspects. When we all embrace security, create visibility and simplify the steps for resolution, the progress will increase in velocity and be fun.

Standing still is not an option; keep up the evolution of security posture to fight off the next bully. Once one bully is defeated, don't think you are safe for the next few years. Keep up the collaboration and learn how others are moving forward to keep ahead of the threats. The more you ignore future evolutions and forget the past, the more you will repeat the past.

In conclusion, the parallels between DDoS cyberattacks and bullying are striking. But, much like fighting bullying, defeating DDoS attacks requires collective action. Collaboration across organisations, sharing threat intelligence, coordinating responses, and making the responses frictionless are all vital to defending against these digital bullies.?