The research, conducted at the U.S. RSA Conference 2015 and Infosecurity Europe, also revealed that a fifth of respondents (22 percent) indicated that DDoS attacks have directly impacted their bottom line – disrupting service availability and impeding revenue-generating activity.
“An organization’s ability to maintain service availability in the wake of a DDoS attack is paramount in maintaining customers, as well as winning over new customers in a highly competitive market,” said Dave Larson, CTO and Vice President, Product at Corero Network Security. “When an end user is denied access to Internet-facing applications or if latency issues obstruct the user experience, the bottom line is immediately impacted.”
One-fifth of respondents cited a virus or malware infection as the most damaging consequence of a DDoS attack, and 11 percent indicated that data theft or intellectual property loss as a result of a DDoS event is of highest concern.
“DDoS attacks are often used as a distraction technique for ulterior motives. They’re not always intended for denying service, but rather as a means of obfuscation, intended to degrade security defenses, overwhelm logging tools and distract IT teams while various forms of malware sneak by,” Larson continued.
Nearly half of those surveyed admitted to responding reactively to DDoS attacks. When asked how they knew that they had suffered a DDoS attack, 21 percent cited customer complaints of a service issue as the indicator of an attack, while 14 percent said the indicator was infrastructure outages (e.g. when their firewalls went down), and another 14 percent said application failures, such as website outages, alerted them to the DDoS event. In contrast, less than half of respondents (46 percent) were able to spot the problem in advance by using other network security tools to notice high bandwidth spikes, an early sign of an imminent attack.
“It is an unfortunate but all too common issue when your customers are first to alert you to a service outage. From a technical perspective, it’s much harder to respond to an outage if you start off on the back foot. Real-time protection is really the only way to proactively combat the DDoS attacks targeting business,” Larson noted. “Using scrubbing centers to mitigate DDoS attacks off-site is a game of cat and mouse. With 96 percent of DDoS attacks lasting 30 minutes or less, by the time an on-demand defense has been engaged, it is already too late and the damage has been done.”
Approximately 50 percent of respondents rely on traditional IT infrastructure, such as firewalls or Intrusion Prevention Systems, to protect against DDoS attacks, or they depend on their upstream provider to deal with the attacks. Only 23 percent of those surveyed have dedicated DDoS protection via an on-premises appliance-based technology or from an anti-DDoS cloud service provider. However, it appears that many organizations are more in tune with the ramifications of DDoS attacks, as 32 percent indicate that they have plans to adopt a dedicated DDoS defense solution to better protect their business in the future.
Larson concludes, “Attackers are finding new ways to apply DDoS tactics and mask malware and other vulnerability exploits, indicating that DDoS is a changing breed of threat that the Internet-connected business cannot afford to ignore. Relying on traditional infrastructure or upstream services to protect you against the frequent and increasingly sophisticated DDoS attack landscape is not a definitive solution. Dedicated DDoS protection technology that is deployed at the very edge of the network, or Internet peering, can effectively inspect all Internet traffic and mitigate DDoS attacks in real time, removing the threat to your business before it can inflict damage.”