Hit By DDoS? You Will Be Hit Again…

More than 80% of DDoS victims are attacked a second time.

More than half of all DDoS strikes have resulted in some kind of customer data loss, intellectual property theft or disappearance of money, according to a new report from Neustara marketing, IT and security services, data services and domain registry company.

It’ll happen again, too. The IT firm also discovered that the vast majority of organizations (82 percent) are attacked again after the first DDoS onslaught.

“DDoS attacks continue to pose a legitimate threat as a dangerous weapon used to create chaos and hold organizations hostage,” Neustar says in the report. Not many are “spared,” the security outfit says, and almost half of those blitzed once were thrashed six or more times.

Company responses to DDoS attacks

DDoS attacks are “an institutionalized weapon of cyber warfare,” says Rodney Joffe, head of IT security research at Neustar, in a press release. “The reverberations are felt like a domino effect throughout all departments.”

The consequences appear to be an overall increase in investment in DDoS protection, though. “Participating in security consortiums to share information on threats and counter measures” is also becoming popular, the release says.

About three quarters (76 percent) of the battered companies increased spend on protection in 2015. Half (47 percent) joined in with others to share information.

Sharing information is critical

Interestingly, another recent report complains of private-sector cybersecurity folks not sharing enough. Fedscoop writes about McAfee’s March 2016 study of 500 business professionals who said they “were aware of cyber-threat sharing initiatives” but weren’t convinced they wanted to reciprocate—even though they would be happy to receive such information.

“Ninety-one percent said they would be interested in receiving information relevant to their industry. Only 63 percent said they would be likely to reciprocate by sharing their own intelligence,” Fedscoop says of the McAfee study.

Sharing is important to get a picture of who the attackers are, what they are assailing and how they’re doing it. A “lack of understanding” and corporate policy issues are “barriers to sharing,” Fedscoop explains.

The increase in DDoS protection spending uncovered by Neustar wasn’t across the board.

Thirty-seven percent of the companies surveyed say they’re investing more than a year ago, and that it’s “in proportion to the threat of DDoS attacks.” Another 39 percent say they are investing but think they should invest even more.

Sixteen percent aren’t investing more, though. A further 5 percent not only aren’t investing more, but they say DDoS isn’t a high priority. Only 3 percent have no specific anti-DDoS budget.

Neustar surveyed 1,005 executives across the tech, financial services and government sectors in late 2015. Seventy-nine percent of the organizations “report yearly revenues of more than $100 million, with $1 billion or more in annual revenue,” it says.

The loss numbers are big, too. Half of the organizations “would lose at least $100,000 per hour in a peak-time DDoS-related outage, [and] 33 percent would lose more than $250,000 per hour.”

And almost half (42 percent) “needed at least three hours to detect that they were under DDoS attack,” Neustar says.

Ein News

 

« Tracking Islamic State Impeded By Encryption
IS Forms Mega Hacking Group »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Virus Bulletin

Virus Bulletin

Virus Bulletin is an online security information portal and certification body, providing users with independent intelligence about the latest developments in the global threat landscape.

Ipsidy

Ipsidy

Our identity platform enables mobile users to more easily authenticate their identity to a mobile phone or portable device of their choosing.

Institute for Cybersecurity & Privacy (ICSP) -  University of Georgia

Institute for Cybersecurity & Privacy (ICSP) - University of Georgia

The goal of ICSP is to become a state hub for cybersecurity research and education, including multidisciplinary programs and research opportunities, outreach activities, and industry partnership.

Findings

Findings

Findings (formerly IDRRA) is a scalable AI powered assessment platform that streamlines security compliance across sectors, jurisdictions and regulatory frameworks.

Infosec Train

Infosec Train

Infosec Train provide professional training, certifications & professional services related to all spheres of Information Technology and Cyber Security.

jobsDB.com

jobsDB.com

jobsDB Singapore is a search engine for jobs throughout Singapore.

Cybriant

Cybriant

Cybriant Strategic Security Services provide a framework for architecting, constructing, and maintaining a secure business with policy and performance alignment.

Wizard Cyber

Wizard Cyber

At Wizard Cyber, we simplify cyber security, delivering an advanced service that protects your high-risk assets from the complex threats that technology alone can miss, 24/7.

SLVA Cybersecurity

SLVA Cybersecurity

SLVA Cybersecurity excel at delivering security-as-a-service, fit-for-purpose, within the constraints of realistic budgets and business expectations.

Involta

Involta

Involta orchestrates IT transformation journeys using well-defined and rigorous processes to deliver hybrid cloud solutions, consulting and data center services tailored to our clients’ needs.

Purple Team

Purple Team

Purple Team is an expert cybersecurity and managed security service provider focused on arming your IT infrastructure with both red team and blue team services.

Elastio

Elastio

Elastio's cloud-native platform safeguards cloud data from the risks posed by ransomware, application failures and storage security vulnerabilities.

TRM Labs

TRM Labs

TRM enables risk management and compliance for a global community of financial institutions, cryptocurrency businesses and government agencies.

Thoropass

Thoropass

Thoropass (formerly Laika) helps you get and stay compliant with smart software and expert services.

CODA Intelligence

CODA Intelligence

CODA's AI-powered attack surface management platform helps you sort out the important remediations needed in order to avoid exploits on your systems.

Amtivo Ireland

Amtivo Ireland

Amtivo Ireland (formerly Certification Europe and EQA) offers a range of certifications and related services.