A guest post by Jim Rogers of Neustar.
Chief information officers (CIOs) and chief marketing officers (CMOs) don’t always work together closely. Each person surely understands the other’s value, but they speak fundamentally different languages. They also have intrinsically different operating philosophies. However, a CIO and a CMO clearly have overlapping interests and mutual priorities, so they need to join forces to get the job done.
Now, there’s an even more critical reason for CMOs and CIOs to work together. That reason can be summed up in four letters: DDoS (Distributed Denial of Service attack). A lack of cooperation could be deadly for every marketing initiative.
For marketing professionals suspicious of geek-speak, here’s a primer. A DDoS attack is when your network gets flooded with so many requests that it gets overwhelmed and no longer recognizes the good requests from the bad ones. So, your network stops responding and gets shut down. That means your website will go down, your landing pages become unavailable, and your entire business starts to look questionable.
Your website is the face your company shows to the world. Unfortunately, some bad guys out there focus on throwing mud all over it.
What Do Attackers Want?
You need to know two types of bad guys exist out there: the old-fashioned kind, who is out to make a buck, and a newer breed of "hacktivists" who have different motives than outright theft. These are mostly anonymous groups who team up to embarrass a public or private entity (while showcasing their own skills along the way). Their weapon of choice is a DDoS attack.
Using a range of tools and tactics, hacktivists essentially crash the system. For example, the e-mail server is typically the communications lifeblood of every organization. Perpetrators can use a variety of freely available technologies to send in a hailstorm of fraudulent incoming mail and other requests to disable e-mail communications. Among many such examples, the Low Orbit Ion Cannon (LOIC) is an open-source network stress testing and Denial of Service application that’s widely available. It can be aimed with deadly precision at not just e-mail but Web applications and even the firewall. Even with traditional hardware defenses and backup resources, huge networks can be disabled for long periods.
Some of this will sound familiar because that’s exactly what happened to this very outlet. MarketingProfs’ service provider was recently hit with a DDoS attack that affected some operations.
For CIOs, a DDoS attack is a major headache. For CMOs, it can spell disaster.
The network infrastructure is like an online marketer's supply (and demand) chain. Without the ability to meet incoming requests or adequately maintain communications, core marketing capabilities are rendered useless. In the short term, every marketing initiative suffers badly; in the long term, the entire user experience---and the overall brand---takes a serious hit.
How to Plan Your Defense
No one is suggesting that marketing executives acquire IT skills overnight or even become immersed in the minutiae of DNS defenses. However, given that marketing is among the functions hardest hit by DDoS attacks, some education and planning is in order.
Here are some questions to help with your planning.
- Does the organization have a plan in place to cope with a DDoS attack? Again, the goal of such an assault is not to steal data (though that might also happen when defenses are down) but to halt all operations and put an embarrassing “Closed” sign on your front door. A series of attacks were launched recently at high-profile targets, and quite a few attacks crippled communications and required a major allocation of resources.
- Are there adequate defenses in place to ward off a DDoS attack? (This can only be managed in cooperation with the IT department.) Has a mitigation solution been identified? Has technology (ISP, hosting firewall, appliance, etc.) been added to your toolkit to combat incoming threats? Do Service-Level Agreements (SLAs) with Internet Service Providers afford enough protections? This is a difficult question to answer because the newest variant of DDoS attacks is more potent than before, and there is a finite amount of capacity to handle them. More to the point, an ISP might conclude that the sheer scale of incoming traffic will affect operations with its other clients and turn off the spigot altogether, as may have been the case with MarketingProfs own outage.
- What steps has your company taken to protect the user experience? In most marketing campaigns, this is critical. Even a slight hiccup can send customers elsewhere, never to return. Has the organization done enough testing, allocated resources to ramp up support as needed, and ensured that bandwidth-intensive bottlenecks are temporarily addressed or redirected as infrastructure is reassigned?
- Also, is there a plan in place for when a Web outage occurs? The IT team will definitely prioritize the issue of bringing everything back up, but is there any alternative channel available to explain the problem or to just get the word out?
- Similarly—and this might be seen as an IT-centric issue—is there a priority list in place to ensure the order in which online services and applications are brought back online and who in Marketing should be told when something is down? After all, these marketing campaigns are based around e-mail, web services, and so on. This may be an IT function, but it should be a marketing decision.
A sophisticated network assault can spell disaster for a company, but it doesn’t have to be that way. Working together, CIOs and CMOS can ensure that even the most deadly DDoS attack is mitigated or is rendered irrelevant. That might be the best alternative of all.
Jim Rogers is the vice president of marketing, enterprise services at Neustar. He has deep expertise in market development, acquisitions, online marketing, pricing and product strategy. Follow him on Twitter.
(Photo courtesy of Bigstock: Computer Hacker)