What can a major US university teach us about the true cost of DDoS attacks?

If you were to hear that Rutgers University incurred serious damages, you might assume it was Sunday morning and these came courtesy of the Ohio State football team. Not exactly. What we’re dealing with here is the repeated DDoS attacks that have impacted Rutgers so severely that they had to raise students’ tuition to cover the university’s security costs.

Attacks like these are happening to organisations all over the world, not matter their size or status. But how can such costly attacks be prevented?

A tradition of excellence…and DDoS attacks

Rutgers University, the state university of New Jersey, is a public research university, the eighth oldest college in the United States, and one of the nine so-called Colonial Colleges that were founded before the American Revolution. Students from United States as well as international students study at Rutgers University; the school currently has 45 000 undergraduate students, and an additional 20 000 graduate and professional students.

Unfortunately for Rutgers, a legacy of greatness in New Jersey education isn’t the only legacy it’s currently dealing with. Over the past year, Rutgers has suffered from four DDoS attacks.

These attacks caused enough damage to the university’s security system that the school had to invest an additional US$3-million just to upgrade its network security. This US$3-million investment was the main reason Rutgers had to raise their tuition 2.3 percent for the 2015-2016 school year.

Now, imagine how students felt when, after paying for the security upgrade, Rutgers was once again knocked offline by a DDoS attack in September of this year. Not only were internet connectivity and WiFi access affected, but two specific online tools used to administer tests, homework and other course-related communications were rendered unusable.
Rutgers University students have unfortunately been at the brunt of these attacks (Shutterstock)

Exfocus putting DDoS attacks in focus

It didn’t require an online security forensic detective to figure out who’s behind the DDoS attacks on Rutgers. A hacker, who goes by the name “Exfocus,” has proudly taken credit for all major DDoS attacks on Rutgers University. This hacker has been saying that someone is paying him in Bitcoin for the attacks, in order to get their own revenge against the university.

If the driving force behind these attacks is in fact one person with an ax to grind, that individual has ground it hard. In addition to the US$3-million security upgrade investment, and the untold hundreds of thousands (if not millions) spent dealing with the attacks, the Rutgers DDoS attacks have also succeeded in infuriating students.

Not only have students had to fund a security upgrade that essentially did not accomplish the job they paid for, but they’ve also dealt with necessary services being unavailable to them: internet, Wi-Fi, online components of courses, and the school’s ability to accept credit cards, to name a few.

The attacks have taken an increased toll on international students especially. In a security effort, Rutgers has put country blocks in place for countries like Brasil, Vietnam and China, making it impossible for international students to access sites from their home countries. This has caused applications, like WeChat, to be blocked, ultimately taking away a major means of communication with friends and family at home for Chinese students. Why does this affect them? The popular communication methods like Facebook and Skype are blocked in China, and therefore these international students were unable to communicate with their friends and family. There has been no official word from Rutgers on when access will be restored.

Lessons learned from Rutgers, without ever attending

It may be hard to imagine an institution or organisation dealing with DDoS attacks as poorly as Rutgers has dealt with theirs; However, Rutgers is hardly an anomaly. Despite the prevalence and potency of DDoS attacks, many organisations are completely unprepared for the reality of a DDoS attack. Or, as is frequently the case, multiple DDoS attacks.

This is extremely unfortunate, especially after a survey undertaken by DDoS protection services provider, Incapsula, has found that nearly one in two organisations are targeted with a DDoS attack, and 70% of organizations targeted are targeted multiple times.

The survey further found that the average cost of dealing with an unmitigated DDoS attack is US$40 000 per hour. With 49% of DDoS attacks lasting between 6 hours and 24 hours, the average total cost of dealing with an unmitigated DDoS attack can be conservatively put at US$500 000. These costs extend past the IT department, into security and risk management, even customer service and sales, whom will be the ones on the frontline for frustrated customers who have had their trust diminished.

DDoS cost for organisations Link to Hi-Res Photo

The best defense is a good offense

Don’t try telling it to the man with his head in his hands at High Point Solutions Stadium. His face may be painted scarlet red in support of his team, but there are worse things going on at Rutgers than a crushing defeat by Ohio State. Or Penn State. Or Nebraska.

However, just as you wouldn’t try to win a football game without a good defensive strategy, you can’t expect to defend against DDoS attacks without proactively investing in professional DDoS protection – services that can be easily integrated with your existing security for better overall protection and optimal DDoS protection.

Image: Lacwal12 via Wikipedia.



Sign up to our newsletter to get the latest in digital insights. sign up

Welcome to Memeburn

Sign up to our newsletter to get the latest in digital insights.