Research by Kaspersky Lab and B2B International shows that businesses don’t need to have external interfaces such as public websites, customer portals and transactional systems to be hit by a DDoS attack: internal web services, operations and connectivity are just as vulnerable.
The Corporate IT Security Risks 2016* study shows that for the majority of victims DDoS attacks are not a one-off occurrence, with many companies subjected to multiple attacks in the last year. This just goes to show how important constant preventative measures are to ensure uninterrupted operation of online services during an attack.
DDoS attacks affected one in six companies over a 12-month period. The construction industry, IT companies and telecommunication services bore the brunt of these attacks. The majority of companies (79%) reported being attacked more than once, while almost half of victims were attacked four times or more.
Attacks on companies are distinguished not only by their frequency but also their duration: 39% of attacks were short-lived, while 21% of the companies surveyed said the attacks lasted several days or even weeks. Further adding to the reputational damage is the fact that companies often only find out they are under attack after being informed by external parties. In 27% of cases companies learned about an ongoing attack from their customers, and in 46% of cases it was a third-party audit organization that raised the alarm. This is not surprising considering cybercriminals usually attack external resources such as customer portals (40%), communication services (40%) and websites (39%).
"It’s dangerous to view DDoS attacks as some rare occurrence that a company may encounter once, by accident, and with minimal damage. As a rule, if an attack is successful, the criminals will use this tool against a company over and over again, blocking its resources for prolonged periods of time. Unfortunately, even a single attack can inflict large financial and reputational losses and, considering the likelihood of a repeat attack is almost 80%, you can multiply these losses two, three or more times. For a modern company, an anti-DDoS solution is just as necessary as the basic protection against malware and phishing," says Alexey Kiselev, Project Manager on the Kaspersky DDoS Protection team.
You can learn more about DDoS attacks from our Kaspersky DDoS Intelligence reports. More information about the protection Kaspersky Lab provides to combat DDoS attacks is available here .
*Corporate IT Security Risks is the annual survey conducted by Kaspersky Lab in cooperation with B2B International. In 2016, we asked more than 4,000 representatives of small, medium and large businesses from 25 countries about their views on IT security and real incidents they had to deal with.
Articles related to Business News
Danti and Co.: Cyberespionage Groups Use a Single Vulnerability to Target Organizations Around the World
Kaspersky Lab’s Global Research and Analysis Team has spent the last few months observing a wave of cyberespionage attacks conducted by different groups across the Asia-Pacific (APAC) and Far East regions, all of which share one common feature: in order to infect their victims with malware, the attackers use an exploit for the CVE-2015-2545 vulnerability