The Most Damaging Ramifications of DDoS Attacks

Uploaded on 2015-07-20 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

ddos.jpg

More than half of IT security professionals (52 percent) said loss of customer trust and confidence were the most damaging consequences of DDoS attacks for their businesses, according to a survey conducted at RSA Conference 2015 and Infosecurity Europe 2015 by Corero Network Security.

In addition, 22 percent of respondents indicated that DDoS attacks have directly impacted their bottom line – disrupting service availability and impeding revenue-generating activity.

corero-072015-1.jpg

 

One-fifth of respondents cited a virus or malware infection as the most damaging consequence of a DDoS attack, and 11 percent indicated that data theft or intellectual property loss as a result of a DDoS event is of highest concern.

“DDoS attacks are often used as a distraction technique for ulterior motives. They’re not always intended for denying service, but rather as a means of obfuscation, intended to degrade security defenses, overwhelm logging tools and distract IT teams while various forms of malware sneak by,” according to Dave Larson, CTO at Corero Network Security.

Nearly half of those surveyed admitted to responding reactively to DDoS attacks. When asked how they knew that they suffered a DDoS attack, 21 percent cited customer complaints of a service issue as the indicator of an attack, while 14 percent said the indicator was infrastructure outages (e.g. when their firewalls went down), and another 14 percent said application failures, such as websites outages, alerted them to the DDoS event.

In contrast, less than half of respondents (46 percent) were able to spot the problem in advance by noticing high bandwidth spikes, an early sign of an imminent attack, by using other network security tools.

Approximately 50 percent of respondents rely on traditional IT infrastructure, such as firewalls or Intrusion Prevention Systems to protect against DDoS attacks, or they depend on their upstream provider to deal with the attacks. Only 23 percent of those surveyed have dedicated DDoS protection via an on-premise appliance-based technology or from an anti-DDoS cloud service provider.

However, it appears that many organizations are more in tune with the ramifications of DDoS attacks, as 32 percent indicate that they have plans to adopt a dedicated DDoS defense solution to better protect their business in the future.

"It looks like this survey is trying to sell the merits of on-premise strategy equipment, said Jag Bains, CTO at DOSarrest. "What it fails to elaborate on, is the challenge of enterprise or hosting networks that do not have large amounts of capacity to be even be able to deliver traffic to the various on premise solution out there, which is a very costly endeavor in terms of capex and opex should they decide to upgrade their capacity," concludes Bains.

Avi Freedman, CEO at Kentik, agrees with Bains: "In many cases, organizations are finding on-premise DDoS appliances to be overly expensive to select, evaluate, and run, and they can't effectively alone protect against the largest attacks. Further, cloud-based or peering-based mitigation techniques are working well in the field for hundreds of customers, so long as there are reliable mechanisms to invoke them in a timely manner. Some of the highest traffic web properties in the world use cloud DDoS mitigation providers with no specialized on-prem hardware deployed or necessary."
Net-Security: http://bit.ly/1TC94WJ

« Airlines on Defence Amid Cyber Warfare: IATA
Repelling the cyber-attackers »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

AV Test

AV Test

The AV-TEST Institute is a leading international and independent service provider in the fields of anti-virus research and IT security.

Sonatype

Sonatype

Sonatype protects the world's enterprise software from security, compliance, licensing risks, while reducing application development and deployment time.

Praetorian

Praetorian

Praetorian is an offensive cybersecurity company whose mission is to prevent breaches before they occur.

ASU Online - Information Technology Program

ASU Online - Information Technology Program

The Information Technology program at ASU Online provides you with the expertise to design, select, implement and administer computer-based information solutions.

Technology Industries of Finland (TIF)

Technology Industries of Finland (TIF)

Technology Industries of Finland (TIF) is a business and labour market lobbying organization that promotes the competitiveness and business conditions of Finland’s most crucial export industry.

REVI-IT

REVI-IT

REVI-IT is a Danish state-owned audit firm focusing on enterprise IT business processes and compliance,

Luxembourg Institute of Science & Technology (LIST)

Luxembourg Institute of Science & Technology (LIST)

LIST is a mission-driven Research and Technology Organisation. Areas of research include IT and aspects of IT security.

Sonda

Sonda

SONDA is the leading systems integrator and IT service provider in Latin America.

Hysolate

Hysolate

Hysolate has transformed the endpoint, making it the secure and productive environment it was meant to be.

Xceptional

Xceptional

Xceptional is a multi-award-winning technology services firm that celebrates the unique strengths of people with autism.

KnoTra Global

KnoTra Global

KnoTra Global is a next-generation Managed Service provider with a portfolio of services including Cybersecurity Solutions, Network Management, IT Leadership, and Day-to-Day Helpdesk and IT services.

Irys Technologies

Irys Technologies

Irys Technologies specialize in pioneering digital transformation solutions designed to streamline communications and enhance maintenance and operational efficiency for a variety of sectors.

TerraEagle

TerraEagle

Terraeagle is a boutique cyber security services company providing tailor-made solutions. Our core competency is in SOCaaS, MDRaaS & and Incident Response Retainer Services.

Skillfield

Skillfield

Skillfield is a Melbourne based Cyber Security and Data Services consultancy and professional services company.

Information Security Society of Africa – Nigeria (ISSAN)

Information Security Society of Africa – Nigeria (ISSAN)

The Information Security Society of Africa – Nigeria (ISSAN) is a not-for-profit organization dedicated to the protection of Nigeria’s cyberspace.

Minsait Cyber

Minsait Cyber

Minsait Cyber (formerly SIA Group) is the Indra Group's cybersecurity company, a leader in Spain and Portugal in terms of both revenue and expert talent, with more than 2,000 specialists.