There is a concept in insurance called “inherent vice.” It speaks to the fact that there are certain qualities in an asset that will inevitably cause it to harm itself. Insurance usually will not cover inherent vice.
If you’re shipping fruit, you won’t get insurance against spoilage, because spoiling is what fruit does.
(Inherent Vice is also a great book, and a pretty good movie.)
I’m going to contort the idea of inherent vice to make a point about denial of service attacks on websites. Oh yes I am.
Q1 2023 saw 47% more attacks than the same time period a year prior.
A denial of service attack on a website or service endpoint used to be an uncommon event, one that we equated with force majeure. It happened, it couldn’t be predicted or prevented, and our responsibilities were to respond, mitigate as best we could, and then pick up the pieces. Those days, as they say, are behind us.
From 2013 to 2022 there was an 807% increase in the number of DDoS attacks worldwide.
“Okay,” you say, “but that was 2013, when dinosaurs roamed the earth.”
According to one source, In 2022 there were an estimated 13 million DDoS attacks, and Q1 2023 saw 47% more attacks than the same time period a year prior. I’m gonna go ahead and predict that trend didn't reverse itself in Q2 ‘23.
Denial of service attacks are inherent in the public internet, like waves on the ocean.
Now consider a few things: first, the stats above are for DDoS attacks, only one type of volumetric attack, and volumetric attacks are only one type of denial-of-service attacks. Second: these stats measure frequency but not severity. Third: attacks are becoming cheaper and easier to perform; for a few dollars you can rent yourself a botnet and point it at whoever offends you. (Please don’t.)
And that’s all before what-we-call-AI really enters the arena.
I say all of that to say this: denial of service attacks are inherent in the public internet, like waves on the ocean. Failure to proactively account for them in software, infrastructure, resource planning, and product strategy is a defect, indeed a vulnerability, in your offering.
If we don’t refrigerate the peaches they’re gonna rot, and we’ll only have ourselves to blame.
Ok, but FYI, now my inherent vice wants to know where to buy the evil botnet.