The purpose of denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks has mutated from fun to extortion. Executives can take specific steps to mitigate the damage done by an attack: creating a detailed cyber-extortion response policy, implementing technical mitigation steps both within their corporate network and in cooperation with their ISPs, and liaising closely with law enforcement on the subject. Mitigation steps can be costly. So is paying extortion demands. A straightforward ROI calculation can be used to objectively determine the appropriate budget for mitigation.
Because many DoS attacks and cyber-extortion demands are initiated from locations other than North America, particularly in jurisdictions where cooperation is logistically difficult, finding and prosecuting the offenders is a daunting task for law enforcement. DoS attacks are often transnational, which raises special investigatory issues, requires law enforcement to coordinate with foreign counterparts, and can introduce investigative delays. The bottom line is that executives need to understand that they must take primary responsibility for their own cyber-extortion preparedness.