If you’ve tuned into any major news outlet lately, you can’t help but have noticed the ongoing drama concerning the release of US cables by Wikileaks. Since Wikileaks began releasing snippets from their cache of secret communiques on-line activist group, Anonymous, have taken it upon themselves to enact a form of online ‘payback’.

Throughout the day, Anonymous have been directing it’s legion of constituents to conduct a distributed denial of service (DDoS) attack against MasterCard, Visa and others. Whilst I certainly don’t condone the actions of Anonymous in conducting illegal DDoS attacks, they have helped bring attention to an important issue.

When dealing with security, you’ll often hear mention of Confidentiality, Integrity and Availability — the three tenets of information security. All three of these are absolutely critical to protecting information. However, look at what most companies are doing and you’ll notice far less investment in protecting Availability, versus the other two domains.

I wanted to get a better perspective on the Anonymous actions, so I joined their IRC channel to listen in on what was being discussed. Whilst I was there, an announcement was made that the DDoS target was changing from MasterCard to Visa.com. This was scheduled to start at 4:00pm EST. I waited, and watched.

Within a matter of mere seconds, Visa’s web site was completely inaccessible. The DDoS attack was stunningly effective! In fact, it only took roughly 2,000 computers on the Internet to completely disrupt Visa’s site.

So what can we take away from this? We should be ensuring our security objectives include protecting the availability of our information systems. Sure, it’s critical to protect confidentiality and integrity… but your business may very well depend upon availability.