The results of a survey conducted by Kaspersky Lab and B2B International show that every fourth company risks losing access to business-critical systems, resulting not only in financial losses but also reputational damage – and all because there is no anti-DDoS protection in place.
More than half of companies believe that investing in protection against DDoS attacks is justified, and roughly the same number of respondents think anti-DDoS protection is an important cyber security requirement for their infrastructure. For telecoms and financial companies, the figures were 82% and 78% respectively.
However, in spite of this, a significant number of companies either do not use this type of protection (24%), or apply it only partially (41%). It turns out that just 34% of companies are fully protected against this widespread threat. Interestingly, the majority of companies with absolutely no anti-DDoS protection belong to the "risk group", i.e. those industries attacked most frequently: the media (36%), healthcare and education (both 31%).
The survey also revealed that 25% of companies cited the stability of business-critical systems as one of their priorities, but only 15% intend to implement anti-DDoS solutions in the near future. At the same time, databases, email, websites and other online services, whose operation is critical for almost all companies, can easily be disrupted by even the most unsophisticated attack. It is no surprise that, according to the survey, a single DDoS attack may cost a company more than $400,000 due to disruption of business processes and the costs of recovery, fines, restoring reputation and so on.
Evgeny Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab, comments: “From my experience I know that many companies see DDoS attacks as harmless when compared to malware infections, for example. However, this sort of approach could end up costing organizations dearly. DDoS attacks can be just as damaging to a business as any other cybercrime, especially if used as part of a bigger targeted attack. Protection of the IT infrastructure requires a comprehensive approach and an integral part is ensuring continuous availability of all critical online systems, regardless of the company’s size or sphere of activity.”