The ‘Corporate IT Security Risks’ research from Kaspersky Lab has found that businesses are not ready to protect themselves against DDoS, with four in ten (39%) businesses unclear about the most effective protection strategy to combat this type of attack. A lack of knowledge and protection is putting businesses at risk of grinding to a halt.
DDoS attacks can quickly incapacitate a targeted business’s workflow, bringing business-critical processes to a stop. However, the research found that nearly a fifth (16%) of businesses are not protected from DDoS attacks at all, and half (49%) rely on built-in hardware for protection. Built-in hardware is not effective against the increasing number of large-scale attacks and ‘smart’ DDoS attacks, which are hard to filter with standard methods.
Large-scale cyber attacks are now commonplace; the recent attacks on the servers of Dyn, for example, brought down sites including Twitter, the Guardian, Netflix, Reddit, CNN and many others in Europe and the US. Many businesses are in fact aware that DDoS is a threat to them – of those that have anti-DDoS protection in place, a third (33%) said this was because risk assessments had identified DDoS as a potential problem, and one in five (18%) said they have been attacked in the past. For some, compliance, rather than awareness of the security threat, is the main driver, with almost half (43%) saying regulation is the reason they protect themselves.
The problem for businesses is that, in many cases, they may assume they’re already protected. Almost half (40%) of the organizations surveyed fail to put measures in place because they think their Internet service provider will provide protection, and one in three (30%) think data center or infrastructure partners will protect them. Relying on these third parties is also not always effective, because they mostly protect businesses from large-scale or standard attacks, while ‘smart’ attacks, such as those using encryption or imitating user behavior, require an expert approach.
Moreover, the survey found that a third (30%) fail to take action because they think they are unlikely to be targeted by DDoS attacks. Surprisingly, one in ten (12%) even admit to thinking that a small amount of downtime due to DDoS would not cause a major issue for the company. The reality is that any company can be targeted because such attacks are easy for cyber criminals to launch. What’s more, the potential cost to a victim can reach millions.
“As we’ve seen with the recent attacks, DDoS is extremely disruptive, and on the rise,” says Kirill Ilganaev, Head of Kaspersky DDoS Protection at Kaspersky Lab. “When hackers launch a DDoS attack, the damage can be devastating for the business that’s being targeted because it disables a company’s online presence. As a result, business workflow comes to a halt, mission-critical processes cannot be completed and reputations can be ruined. Online services and IT infrastructure are just too important to leave unguarded. That’s why a specialized DDoS protection solution should be considered an essential part of any effective protection strategy in business today.”