DDoS awareness: only 34% of companies say they are protected

Roughly every fourth company lacks any anti-DDoS protection, a new survey says.

Roughly every fourth company lacks any anti-DDoS protection, a new survey says, and even though the majority of businesses perceive such protection measures as an important cybersecurity requirement, almost 25% do not have any, and only 34% consider themselves fully protected.

Diverse results

The figures are actually quite diverse in this latest survey. In general, more than half of the surveyed companies believe that it is “justified” investing in protection against DDoS attacks and roughly the same number consider anti-DDoS to be an important requirement, and it is telecoms and financial companies who are concerned the most: 82% and 78% respectively think it is necessary to deploy anti-DDoS protection and are ready to invest in it.

This is well understandable, since telecoms are leading the list of the industries which are “most likely to suffer from a DDoS attack”. Financial services go second, IT industry goes third.

About 20% of companies with 50+ employees reported that they have been the victim of at least one DDoS attack during the period of the survey.

DDoS attacks are a very common event and a major, although not a dominating, factor in the threat landscape. They happen all the time – take a look into Kaspersky DDoS Intelligence Report for Q4 2015 for examples – but they are not the top case for data loss nor the most frequent type of an external threat experienced by the corporate sector.

Certainly, summary reports of such attacks are not unlike crime columns in newspapers, whereas a large number of isolated events are packed into one page – creating a grim impression that perils are all around.

Essentially this impression is wrong, but on the other hand ignoring the threats altogether may lead to trouble.

Not dominating, but…

With DDoS it may well be a trouble within a trouble: as we have pointed out many times before, it is not uncommon for DDoS attacks to serve as a cover-up for much more dangerous and damaging attacks, including exfiltration of sensitive data and/or funds. 50% of those who experienced a DoS/DDoS attack reported a noticeable disruption of services, and of those, 74% registered other cyber-security incidents at the same time as the DDoS attack. Typical examples of attacks experienced by businesses at the same time as the DDoS attack are malware attacks and network intrusion. Overall, 26% of those who suffered from a DDoS attack said that sensitive business data was lost as a result, and 31% said that non-sensitive business data was lost.

In “decoy” cases the overall damage theoretically may be many times higher than that of the DDoS attack itself, depending on the nature of the other incident.

DDoS is also often used as an extortion tool. Criminals occasionally dare to take on really big fish, such as major banks and even national-wide civilian services. But SMBs are also a common target for such attacks; malefactors may demand money for cancelling the attack, or keep the pressure to derail the business on behalf of its unscrupulous competitors.

Awareness could use improvement

The survey revealed that 25% of companies cited the stability of business-critical systems as one of their priorities, but only 15% intend to implement anti-DDoS solutions in the near future.

At the same time databases, email, websites, and other online services whose operation is critical for almost all companies can easily be disrupted by even the most unsophisticated attack, unless there is something to prevent it.

According to the survey, a single DDoS attack may cost a company more than $400,000 due to disruption of business processes and the costs of recovery, fines, restoring reputation, and more.

The full text of the survey is available here.

To shield the businesses from DDoS attacks Kaspersky Lab offers Kaspersky DDoS Protection – the solution that combines Kaspersky Lab’s extensive experience in combating cyber-threats with the company’s in-house software development expertise.

The solution protects against all types of DDoS attacks, regardless of their complexity, power, duration and immediate target be it a website or some internal system. Kaspersky Lab’s solution protects any online service that could come under attack, including business applications, internal and external services, databases, and more.

Further information about the solution is available here.