The Most Damaging Ramifications of DDoS Attacks

Uploaded on 2015-07-20 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

ddos.jpg

More than half of IT security professionals (52 percent) said loss of customer trust and confidence were the most damaging consequences of DDoS attacks for their businesses, according to a survey conducted at RSA Conference 2015 and Infosecurity Europe 2015 by Corero Network Security.

In addition, 22 percent of respondents indicated that DDoS attacks have directly impacted their bottom line – disrupting service availability and impeding revenue-generating activity.

corero-072015-1.jpg

 

One-fifth of respondents cited a virus or malware infection as the most damaging consequence of a DDoS attack, and 11 percent indicated that data theft or intellectual property loss as a result of a DDoS event is of highest concern.

“DDoS attacks are often used as a distraction technique for ulterior motives. They’re not always intended for denying service, but rather as a means of obfuscation, intended to degrade security defenses, overwhelm logging tools and distract IT teams while various forms of malware sneak by,” according to Dave Larson, CTO at Corero Network Security.

Nearly half of those surveyed admitted to responding reactively to DDoS attacks. When asked how they knew that they suffered a DDoS attack, 21 percent cited customer complaints of a service issue as the indicator of an attack, while 14 percent said the indicator was infrastructure outages (e.g. when their firewalls went down), and another 14 percent said application failures, such as websites outages, alerted them to the DDoS event.

In contrast, less than half of respondents (46 percent) were able to spot the problem in advance by noticing high bandwidth spikes, an early sign of an imminent attack, by using other network security tools.

Approximately 50 percent of respondents rely on traditional IT infrastructure, such as firewalls or Intrusion Prevention Systems to protect against DDoS attacks, or they depend on their upstream provider to deal with the attacks. Only 23 percent of those surveyed have dedicated DDoS protection via an on-premise appliance-based technology or from an anti-DDoS cloud service provider.

However, it appears that many organizations are more in tune with the ramifications of DDoS attacks, as 32 percent indicate that they have plans to adopt a dedicated DDoS defense solution to better protect their business in the future.

"It looks like this survey is trying to sell the merits of on-premise strategy equipment, said Jag Bains, CTO at DOSarrest. "What it fails to elaborate on, is the challenge of enterprise or hosting networks that do not have large amounts of capacity to be even be able to deliver traffic to the various on premise solution out there, which is a very costly endeavor in terms of capex and opex should they decide to upgrade their capacity," concludes Bains.

Avi Freedman, CEO at Kentik, agrees with Bains: "In many cases, organizations are finding on-premise DDoS appliances to be overly expensive to select, evaluate, and run, and they can't effectively alone protect against the largest attacks. Further, cloud-based or peering-based mitigation techniques are working well in the field for hundreds of customers, so long as there are reliable mechanisms to invoke them in a timely manner. Some of the highest traffic web properties in the world use cloud DDoS mitigation providers with no specialized on-prem hardware deployed or necessary."
Net-Security: http://bit.ly/1TC94WJ

« Airlines on Defence Amid Cyber Warfare: IATA
Repelling the cyber-attackers »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

KvantPhone

KvantPhone

KvantPhone (formerly CryptTalk) is an easy-to-use, quantum resistant secure communication service designed for businesses and large organizations.

SafeBreach

SafeBreach

SafeBreach's platform simulates hacker breach methods across the entire kill chain to identify breach scenarios in your environment before an attacker does.

National Cyber Security Centre (NCSC) - Switzerland

National Cyber Security Centre (NCSC) - Switzerland

The National Cyber Security Centre is Swizerland's competence centre for cybersecurity and the first contact point for businesses, public administrations, and the public for cyber issues.

Vdoo

Vdoo

Vdoo provides an end-to-end product security platform for automating all software security tasks throughout the entire product lifecycle.

Shield-IOT

Shield-IOT

Shield-IoT provides real-time analytics and cyber security solutions for deployment in mass scale B2B and IIoT networks.

National Cybersecurity Preparedness Consortium (NCPC) - USA

National Cybersecurity Preparedness Consortium (NCPC) - USA

The mission of the NCPC is to provide research-based, cybersecurity-related training, exercises and technical assistance to local jurisdictions, counties, states and the private sector.

Altipeak Security

Altipeak Security

Altipeak Security provide Safewalk - a flexible and robust authentication platform through which we offer improved security to SMBs, corporates, banks, insurance companies, healthcare and more.

ColorTokens

ColorTokens

ColorTokens Xtended ZeroTrust Platform protects from the inside out with unified visibility, micro-segmentation, zero-trust network access, cloud workload and endpoint protection.

GuardSight

GuardSight

GuardSight is a provider of specialized cybersecurity services to safeguard businesses, government, and remote workers against sophisticated cyber threats.

ANSEC IA

ANSEC IA

ANSEC is a consultancy practice providing independent Information Assurance and IT Security focussed services to customers throughout the UK, Ireland and internationally.

Defscope

Defscope

Defscope is an Azerbaijani company entirely focused on cybersecurity offering training, security consulting, and other professional services.

Cloudflare

Cloudflare

Cloudflare is a global network designed to make everything you connect to the Internet secure, private, fast, and reliable.

Synagex

Synagex

Synagex Modern IT is a simple IT and cybersecurity solution for businesses.

Ipseity Security

Ipseity Security

Ipseity Security provide security-centric advisory and consulting services for organizations to secure their perimeter-less digital transformation to meet business and security requirements.

Assurestor

Assurestor

Assurestor's singular focus is delivering leading cloud-based backup and disaster recovery designed to increase levels of IT resilience.

Cyber Castle

Cyber Castle

Linux Demands Sophisticated, Purpose-Built Security. Cyber Castle is the solution. A safe, deployable platform down to the edge device for monitoring Linux security anywhere across the globe.