DDoS Attack... for Dummies!

Thierry Derungs, Chief Digital Officer, BNP Paribas Wealth

Thierry Derungs, Chief Digital Officer, BNP Paribas WealthThierry Derungs, Chief Digital Officer, BNP Paribas Wealth

DDoS attack shuts down key FinTech Sites

But be cautious with "big titles" like in this article it could make you thinking that these FinTechs are weak... Understanding exactly the kind of attack is important. In this case, it was not the FinTechs' infrastructure which had been successfully attacked but the way to access.

"All internet sites have an IP address which almost no common user could remember"

Indeed, what is DDoS? DNS Deny of Service... Still unclear? Just follow me.

DNS is for Domain Name System. All internet sites have an IP address which almost no common user could remember. So with put names on them: the URL. And the root of the URL is what is called a Domain. Managing Domains names is done by a set of companies known as DNS service providers (the modern internet equivalent to the good old paper phonebook).

What is Deny of Service? It is "just" attacking you through some heavy solicitations. Imagine yourself... one person speaks to you: no problem to understand him. A second person speaks to you at the same time: difficult to follow the first one but still okay. Now, ten persons speak to you at the same time: you do not catch any conversation anymore, even the one you were having with the first person. You suffer a DoS... Over solicitation on your service (understanding a conversation) has just stopped it.

And now... what is a DDoS (DNS Deny of Service)? Imagine you organize a big party at your home and sent your GPS coordinates in the invitation. Everybody is on the road to come but suddenly GPS is crashing... No one can find you anymore; you will be alone at your party... Was your home door broken? Or unsafe? Not at all... the weak point is the GPS and the fact that it was the only mean to find you...

Can you do something against a DDoS attack? Of course! In my example, you should have provided also in the invitation your address and even a paper map. If the GPS crashes, people have an alternative to find you. So you will enjoy your party with all your friends!

Coming back to the article, the attacked FinTechs should have at least a second DNS provider. Indeed, it becomes much (much much) more difficult to attack successfully several DNS providers at the same time... This allows them to keep ways to drive your users to your door, even if one DNS provider goes down.

As you could see, cyber security is key and is a wide and complex topic. Have you even thought one day that to secure your birthday party, you have to worry about GPS's liability?

Weekly Brief

Read Also

Retail Perspective on Enterprise Risk Management (ERM)

Retail Perspective on Enterprise Risk Management (ERM)

Francisco Fuentes, Vice President of Risk Management, Tailored Brands
A Deep Dive Into ERM Framework

A Deep Dive Into ERM Framework

Joseph Iraci, Managing Director Financial Risk Management and CRO for the Broker Dealers and FCM, TD Ameritrade
From Passive to Active Cybersecurity Risk Management

From Passive to Active Cybersecurity Risk Management

Frederic Lemieux, Ph.D. Director, Master’s in Cybersecurity Risk Management, Georgetown University
Sometimes Life is a Sprint And not a Marathon

Sometimes Life is a Sprint And not a Marathon

Carlos Rodriguez, Director of IT Security & Risk, Citizens Property Insurance Corporation
The Health And Safety Prong Of Risk Management

The Health And Safety Prong Of Risk Management

Lance Norris, CSP, HSE Director, Redi Services LLC
How to build a better Information Security Program

How to build a better Information Security Program

Jennifer Rosario, CISO, Spreedly