In some cases, this may result only in an e-mail message being delayed by a few seconds, but in the case of a VoIP transmission, the delay could degrade the quality of a voice call. More importantly, a DDoS attack could prevent a network security certificate from being approved.
McPherson calls it "the butterfly effect," akin to the notion that if a butterfly flaps its wings in a South American jungle, it can set off a chain reaction that helps create a typhoon in the South Pacific. "When you launch a DDoS, that [target] is not the only one on the Internet that is affected," he says. "The Internet is inherently multitenant, and there is a very high probability that even with a reasonable-sized attack today, it can cause collateral damage to other users of that infrastructure."
Even though the WikiLeaks attacks were relatively small, at 3 to 4Gbps, a 10Gbps attack could disrupt the Internet backbone of an ISP, McPherson says. He adds that 10Gbps attacks occur across the Internet on average once every three hours. McPherson advises that Internet security officials at enterprises focus on ensuring that data on their networks is kept confidential, that its integrity is protected and that its network remains available to keep business running.
Unfortunately, McPherson says, companies spend 80 percent of their IT security budgets on compliance only. There's a saying in the business, he adds: "Compliance doesn't get you security, but security should get you compliance."
