DoS and DDoS attacks are one of the most typical types of security incidents.

The denial of service DoS attack, for its acronym in English Denail of Service, consists of making a resource (website, application, server) no longer available because it is overflowing.

Likewise, DDoS is the acronym for Distributed Denial of Service, Which translated would be a distributed denial of service attack, which consists of attacking the server from many computers so that it stops working.

Let's imagine that we have a server where our company's corporate website is hosted and it has a form where requests and requests that arrive at the server are handled.

Our server is very efficient and is capable of handling several requests with normal load. But one day many more requests and requests than usual begin to arrive through the form.

Faced with so many requests, the server begins to saturate and increases its response time, not being as efficient as it used to, until a point where it is completely saturated and stops responding. The server may shut down directly or may just stop responding to requests. In any case, the server will not function correctly again until it is no longer saturated, because the attack stops or because illegitimate connections have been blocked.

Exactly the same thing has happened in the health system in the face of the pandemic caused by covid-19. As there have been too many requests due to a very unusual health demand, the system has run out of resources and is overwhelmed (overflow).

Denial of service attacks can affect any organization, in the same way that the Covid-19 health crisis has affected different countries around the globe. However, the consequences will vary greatly depending on the prevention measures taken. If these are correct, the consequences of the attack will be imperceptible, but on the other hand, if the prevention measures are null, the system may remain inoperative for the entire duration of the attack and its derived consequences.

The server (health system) will not return to normal until the attack stops by blocking illegitimate connections (covid-19 vaccine) or stopping the virus through isolation to avoid mass infections. What's more, the server (health system) could even have been blocked and shut down directly.

Could the coronavirus crisis have been avoided?

The answer is that pandemics cannot be avoided, but much can be done to prevent and mitigate them.
The first thing would be to review the documents of the health emergency plan national so that they collect the important experience of this COVID-19 coronavirus crisis.
Regarding the priorities for action, it seems to be proven that the countries that have had the most success in the fight against the virus, such as South Korea, have been based on carrying out massive tests to detect where the infected people were and prioritize action on them.

Furthermore, you must improve media available and ensure that they are updated, including humans, to be able to have a “strategic reserve” of health personnel that can be used if necessary.

Without a doubt, we must increase the training for diseases of this type. This training should not only cover health personnel, but also other institutions and civil society.

Could you prevent a DDoS attack?

In the same way as with the Covid-19 health crisis, you cannot prevent being the target of attacks, but you can prevent and mitigate them.

For this you must have a Security Master Plan and its corresponding Incident Management Plan that contemplates this type of attacks can make the difference when the company is attacked.

DDoS Test. The purpose of these tests is to simulate a DDOS attack on the website or service requested, in a controlled manner, to know the state of the security of the service or website and apply the necessary measures to avoid this attack or have reactive measures. in the event of suffering the attack.

Some denial of service attacks originate from outdated systems, as these are essentially more vulnerable. Keep them updated systems (software, servers, web content managers, etc.) is essential to avoid any type of attack. DoS or DDoS attacks are no exception.

Taking into account that employees themselves are often an easy target for entry into company systems, since attackers often use them without their own knowledge through social engineering techniques, awareness and training is a key piece. to prevent attacks. On the other hand, it is highly recommended that there is a technical role in the company with a proper training To be able to direct, guide and coordinate the implementation of the security strategy, this role is played by the information security director or CISO.

Author: María José Peña. Computer engineer. IT Project Director. Passionate about Cybersecurity

Subscribe to our newsletter to stay up to date with all the news

Name and surname *

Email *

*I give my express consent and accept the Privacy Policy.

EIP International Business School informs you that the data in this form will be processed by Mainjobs Internacional Educativa y Tecnológica, SA as the person responsible for this website. The purpose of collecting and processing personal data is to respond to the query made as well as to send information about the services of the data controller. Legitimation is the consent of the interested party.
You can exercise your rights of access, rectification, limitation and deletion of data in compliance@grupomainjobs.com as well as the right to file a claim with the supervisory authority. You can consult additional and detailed information on Data Protection in the Privacy Policy that you will find in our Web page