There I was using my favorite marketing tool to prepare a product announcement to our client base when the site shut down. Hmmm, that was strange. I relaunched the site but could no longer get in. Then I rebooted my computer, ran some long overdue updates, and when those didn’t work I finally called my ace in IT. Guess what? This wasn’t a problem on my machine. I was just one of countless other people trying to go about my business without getting anywhere. Finally, panic set in.
Twitter, Time, Netflix, and Paypal were just a few of the sites affected. No one uses those sites right? This was serious and more importantly, completely unexpected. Turns out that it was a specific attack on an internet company located in New Hampshire called Dyn. I know I was not familiar with Dyn prior to the attack and had no idea that they were an integral part of managing the performance of internet traffic to some pretty major web sites. However those behind the attacks knew enough to know that an attack on this intermediary would have a big impact.
I am not an expert on anything IT related but I understand the basic concept of the attack. The attackers used millions of IP addresses to overwhelm the Dyn network making it impossible to get through to certain sites. This is called a DDoS (Distributed Denial of Service) attack. It is not a new type of attack but the way the attack was orchestrated, it was very sophisticated. The really scary part is that the attackers were able to infect a whole of host IoT (Internet of Things) devices to carry out the attack. We all have them. These devices that connect to the internet to make our lives easier are also opening up a whole new world in security risks.
The security concerns and solutions I will leave to the experts but all of this disruption brought to light how little we may know about the risks in our everyday workflows. What happens when one link in the chain breaks down in your workflow? We put a lot of trust in the service providers we have and knowing they have backup plan helps but we need to have our own backup plan ready to go. This prompted me to do a little digging into my own company’s backup plan.
First thing I found out was that our backup plan actually has a proper name. It is a Business Continuity Plan and they are pretty much standard operating procedure for many businesses. I was also impressed to learn that ours is very well thought out with multiple datacenters, redundant machines with automatic failover procedures and divergent internet carriers to manage connectivity. There is a lot more to it but those were the items that stood out to me. I figured we were good but I did not really know what that meant. If you are anything like me, do yourself a favor and ask about your business continuity plan at work. Can your customers reach you in case of an emergency? Is your business agile enough to respond to possible risks in your ability to provide your products and services? Is your body of work protected? Make sure you know the answers to these questions and know your backup plan.Malware Infection via photopin (license)