Mitigation strategies
Prabhu said CISOs should now test whether their control planes can withstand attacks above 15 Tbps, how to contain cloud cost spikes triggered by auto-scaling during an incident, and how to keep critical services running if defenses are overwhelmed. “CISOs can stress test these benchmarks through DDoS simulations and evaluation of CSP infrastructure DDoS resilience capabilities,” he added.
Others pointed out that strong cyber hygiene alone won’t stop compromised devices from being weaponized in DDoS attacks.
“The actual mitigation relies on layered defenses like DDoS scrubbers, CDNs, and traffic rate-limiters at the network edge,” Varkey said. “However, most consumer-grade IoT devices operate outside these protective perimeters, making them ineffective in preventing outbound attack traffic. This highlights a systemic gap where device-level security must be matched by ISP-level filtering and OEM responsibility to reduce global DDoS risk.”
