The Most Damaging Ramifications of DDoS Attacks

ddos.jpg

More than half of IT security professionals (52 percent) said loss of customer trust and confidence were the most damaging consequences of DDoS attacks for their businesses, according to a survey conducted at RSA Conference 2015 and Infosecurity Europe 2015 by Corero Network Security.

In addition, 22 percent of respondents indicated that DDoS attacks have directly impacted their bottom line – disrupting service availability and impeding revenue-generating activity.

corero-072015-1.jpg

 

One-fifth of respondents cited a virus or malware infection as the most damaging consequence of a DDoS attack, and 11 percent indicated that data theft or intellectual property loss as a result of a DDoS event is of highest concern.

“DDoS attacks are often used as a distraction technique for ulterior motives. They’re not always intended for denying service, but rather as a means of obfuscation, intended to degrade security defenses, overwhelm logging tools and distract IT teams while various forms of malware sneak by,” according to Dave Larson, CTO at Corero Network Security.

Nearly half of those surveyed admitted to responding reactively to DDoS attacks. When asked how they knew that they suffered a DDoS attack, 21 percent cited customer complaints of a service issue as the indicator of an attack, while 14 percent said the indicator was infrastructure outages (e.g. when their firewalls went down), and another 14 percent said application failures, such as websites outages, alerted them to the DDoS event.

In contrast, less than half of respondents (46 percent) were able to spot the problem in advance by noticing high bandwidth spikes, an early sign of an imminent attack, by using other network security tools.

Approximately 50 percent of respondents rely on traditional IT infrastructure, such as firewalls or Intrusion Prevention Systems to protect against DDoS attacks, or they depend on their upstream provider to deal with the attacks. Only 23 percent of those surveyed have dedicated DDoS protection via an on-premise appliance-based technology or from an anti-DDoS cloud service provider.

However, it appears that many organizations are more in tune with the ramifications of DDoS attacks, as 32 percent indicate that they have plans to adopt a dedicated DDoS defense solution to better protect their business in the future.

"It looks like this survey is trying to sell the merits of on-premise strategy equipment, said Jag Bains, CTO at DOSarrest. "What it fails to elaborate on, is the challenge of enterprise or hosting networks that do not have large amounts of capacity to be even be able to deliver traffic to the various on premise solution out there, which is a very costly endeavor in terms of capex and opex should they decide to upgrade their capacity," concludes Bains.

Avi Freedman, CEO at Kentik, agrees with Bains: "In many cases, organizations are finding on-premise DDoS appliances to be overly expensive to select, evaluate, and run, and they can't effectively alone protect against the largest attacks. Further, cloud-based or peering-based mitigation techniques are working well in the field for hundreds of customers, so long as there are reliable mechanisms to invoke them in a timely manner. Some of the highest traffic web properties in the world use cloud DDoS mitigation providers with no specialized on-prem hardware deployed or necessary."
Net-Security: http://bit.ly/1TC94WJ

« Airlines on Defence Amid Cyber Warfare: IATA
Repelling the cyber-attackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Center for Identity - University of Texas at Austin

Center for Identity - University of Texas at Austin

The mission of the Center is to deliver the highest-quality discoveries, applications, education, and outreach for excellence in identity management, privacy, and security.

Netresec

Netresec

Netresec is an independent software vendor with focus on the network security field. We specialize in software for network forensics and analysis of network traffic.

SailPoint

SailPoint

SailPoint provides identity governance solutions with on-premises and cloud-based identity management software for the most complex challenges.

BlueFiles

BlueFiles

BlueFiles enables users to send encrypted files securely while maintaining full control over recipients, access periods, downloads, and printing.

Bio-Morphis

Bio-Morphis

Bio-Morphis Reflex solution is a paradigm shift in the approach to information systems security.

Council of Europe Convention on Cybercrime

Council of Europe Convention on Cybercrime

The Council of Europe helps to protect societies worldwide from the threat of cybercrime through the Convention on Cybercrime.

HSB

HSB

HSB offers insurance for equipment breakdown, cyber risk, data breach, identity recovery & employment practices liability.

AdEPT Technology Group

AdEPT Technology Group

AdEPT are a managed services and telecommunications provider offering award-winning, proven and uncomplicated technical solutions for over 12,000 organisations across the UK.

Citizen Lab - University of Toronto

Citizen Lab - University of Toronto

Citizen Lab focuses on research and development at the intersection of cyberspace, global security & human rights.

Pacific Global Security Group

Pacific Global Security Group

Pacific Global Security Group offers an intelligence-driven focus on all aspects of cybersecurity for IT/ICS/OT.

Arctic Group

Arctic Group

Arctic Group is a Swedish service provider focusing on cybersecurity, integration services and deployment of software development tools.

HashDit

HashDit

HashDit products and services focus on helping build a safe ecosystem for both protocol users and smart contract developers on BNB Chain.

ZINAD IT

ZINAD IT

ZINAD is an information security company offering state-of-the-art cybersecurity awareness products, solutions and services.

Systems Engineering

Systems Engineering

Systems Engineering is a SOC 2, Type 2-certified IT strategy and managed technology services provider.

Amplifier Security

Amplifier Security

Amplifier Security are on a mission to empower security teams to modernize their practice by connecting the dots between their security stack and their people.

Aberrant

Aberrant

A radically new approach to managing information security. Aberrant is the single pane of glass through which a security program can be viewed.