The Most Damaging Ramifications of DDoS Attacks

ddos.jpg

More than half of IT security professionals (52 percent) said loss of customer trust and confidence were the most damaging consequences of DDoS attacks for their businesses, according to a survey conducted at RSA Conference 2015 and Infosecurity Europe 2015 by Corero Network Security.

In addition, 22 percent of respondents indicated that DDoS attacks have directly impacted their bottom line – disrupting service availability and impeding revenue-generating activity.

corero-072015-1.jpg

 

One-fifth of respondents cited a virus or malware infection as the most damaging consequence of a DDoS attack, and 11 percent indicated that data theft or intellectual property loss as a result of a DDoS event is of highest concern.

“DDoS attacks are often used as a distraction technique for ulterior motives. They’re not always intended for denying service, but rather as a means of obfuscation, intended to degrade security defenses, overwhelm logging tools and distract IT teams while various forms of malware sneak by,” according to Dave Larson, CTO at Corero Network Security.

Nearly half of those surveyed admitted to responding reactively to DDoS attacks. When asked how they knew that they suffered a DDoS attack, 21 percent cited customer complaints of a service issue as the indicator of an attack, while 14 percent said the indicator was infrastructure outages (e.g. when their firewalls went down), and another 14 percent said application failures, such as websites outages, alerted them to the DDoS event.

In contrast, less than half of respondents (46 percent) were able to spot the problem in advance by noticing high bandwidth spikes, an early sign of an imminent attack, by using other network security tools.

Approximately 50 percent of respondents rely on traditional IT infrastructure, such as firewalls or Intrusion Prevention Systems to protect against DDoS attacks, or they depend on their upstream provider to deal with the attacks. Only 23 percent of those surveyed have dedicated DDoS protection via an on-premise appliance-based technology or from an anti-DDoS cloud service provider.

However, it appears that many organizations are more in tune with the ramifications of DDoS attacks, as 32 percent indicate that they have plans to adopt a dedicated DDoS defense solution to better protect their business in the future.

"It looks like this survey is trying to sell the merits of on-premise strategy equipment, said Jag Bains, CTO at DOSarrest. "What it fails to elaborate on, is the challenge of enterprise or hosting networks that do not have large amounts of capacity to be even be able to deliver traffic to the various on premise solution out there, which is a very costly endeavor in terms of capex and opex should they decide to upgrade their capacity," concludes Bains.

Avi Freedman, CEO at Kentik, agrees with Bains: "In many cases, organizations are finding on-premise DDoS appliances to be overly expensive to select, evaluate, and run, and they can't effectively alone protect against the largest attacks. Further, cloud-based or peering-based mitigation techniques are working well in the field for hundreds of customers, so long as there are reliable mechanisms to invoke them in a timely manner. Some of the highest traffic web properties in the world use cloud DDoS mitigation providers with no specialized on-prem hardware deployed or necessary."
Net-Security: http://bit.ly/1TC94WJ

« Airlines on Defence Amid Cyber Warfare: IATA
Repelling the cyber-attackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Panzura

Panzura

Panzura optimizes enterprise data storage management and distribution in the cloud, making cloud storage simple and secure.

SBS CyberSecurity

SBS CyberSecurity

SBS CyberSecurity is a premier cybersecurity consulting and audit firm.

Atomicorp

Atomicorp

Atomicorp, the leader in Secure Linux, is a developer of solutions for the protection and support of cloud, virtual, shared, and dedicated web hosting environments.

Quick Heal Technologies

Quick Heal Technologies

Quick Heal Technologies is a leading IT security solutions provider focused on endpoint and network security solutions.

Flexential

Flexential

Flexential helps organizations optimize their journey of IT transformation while simultaneously balancing cost, scalability, compliance and security.

SANS CyberStart

SANS CyberStart

SANS CyberStart is a unique and innovative suite of tools and games designed to introduce children and young adults to the field of cyber security.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

SBD Automotive

SBD Automotive

SBD Automotive are specialists in automotive technology providing independent research and consultancy to help create smarter, more secure, better connected, and increasingly autonomous cars.

IFE Digital Systems

IFE Digital Systems

IFE Digital Systems conducts research, development and consultancy in risk, safety and security related to digital systems in critical infrastructure.

OCM Business Systems

OCM Business Systems

OCM are experts in the safe, secure and responsible disposal of IT & EPoS assets.

CyberSN

CyberSN

CyberSN matches cybersecurity professionals to jobs and removes the pain from job searching and hiring.

Protek International

Protek International

Protek International delivers world-class Digital Forensics, eDiscovery, Cyber Security, and related Advisory services.

WheelHouse IT

WheelHouse IT

WheelHouse IT secures, manages, and advances businesses with innovative, cost-effective IT solutions.

Entitle

Entitle

Entitle's SaaS-based platform automates how permissions are managed, enabling organizations to eliminate bottlenecks and implement robust cloud least privilege access.

Foghorn Consulting

Foghorn Consulting

Foghorn can analyze your cloud to enhance performance and security, while reducing costs. Based on AWS’ 6 Pillars, our AWS WAFR Certified Engineers Will Identify Areas of Improvement.

CoGuard

CoGuard

CoGuard is a patented solution that uses AI driven automation to provide fast, cost effective white-box penetration testing, infrastructure audits and infrastructure design services.