Businesses are not ready to protect themselves against DDoS, with four in ten (39 per cent) businesses unclear about the most effective protection strategy to combat this type of attack, according to an IT security product company. A lack of knowledge and protection is putting businesses at risk of grinding to a halt, it is claimed.
DDoS attacks can incapacitate a targeted business’s workflow, bringing business-critical processes to a stop. However, research from Kaspersky Lab found that nearly a fifth (16 per cent) of businesses are not protected from DDoS attacks at all, and half (49 per cent) rely on built-in hardware for protection. This is not effective against the increasing number of large-scale attacks and ‘smart’ DDoS attacks which are hard to filter with standard methods.
Large-scale cyberattacks are now commonplace, such as the recent attacks on the servers of Dyn, which brought down sites including Twitter, the Guardian, Netflix, Reddit, CNN and others in Europe and the United States. Many businesses are in fact aware that DDoS is a threat to them – of those that have anti-DDoS protection in place, a third (33 per cent) said this was because risk assessments had identified DDoS as a potential problem, and one in five (18 per cent) said they have been attacked in the past. For some, compliance, rather than awareness of the security threat, is the main driver, with almost half (43 per cent) saying regulation is the reason they protect themselves.
The problem for businesses is that, in many cases, they may assume they’re already protected. Almost half (40 per cent) of the organisations surveyed fail to put measures in place because they think their Internet service provider will provide protection, and one in three (30 per cent) think data centre or infrastructure partners will protect them. This is also not always effective, because these organisations mostly protect businesses from large-scale or standard attacks, while ‘smart’ attacks, such as those using encryption or imitating user behaviour, require an expert approach.
Moreover, the survey found that a third (30 per cent) fail to take action because they think they are unlikely to be targeted by DDoS attacks. Surprisingly, one in ten (12 per cent) even admit to thinking that a small amount of downtime due to DDoS would not cause a major issue for the company. The reality is that any company can be targeted because such attacks are easy for cybercriminals to launch. What’s more, the potential cost to a victim can reach millions.
Kirill Ilganaev, Head of Kaspersky DDoS Protection at Kaspersky Lab says: “As we’ve seen with the recent attacks, DDoS is extremely disruptive, and on the rise. When hackers launch a DDoS attack, the damage can be devastating for the business that’s being targeted because it disables a company’s online presence. As a result, business workflow comes to a halt, mission-critical processes cannot be completed and reputations can be ruined. Online services and IT infrastructure are just too important to leave unguarded. That’s why specialised DDoS protection solution should be considered an essential part of any effective protection strategy in business today.”
