According to Dave Larson COO, Corero Network Security, “A number of things are going on in the landscape and it’s hard to say whether these are rapidly changing or we are just starting to see them.”
Denying service, which seems like it would have to be a big giant attack, is actually the result of something much smaller. “Almost 72% of attacks last less than five minutes and 93% are less than 1GB per second in capacity,” said Larson.
The attacks, though, are not about denying service. Larson said, “These aren’t just randomly occurring. People are orchestrating them, and they have to be doing this for a reason. We are starting to see material data breaches that included DDoS attacks as part of a multi vector intrusion.”
These smoke screen style attacks have significant impact on an enterprise because by design, they are distracting, which leaves security professionals looking in all the wrong places. “DDoS itself isn’t creating the data compromise, but if it is causing you to look in the wrong place, you could be one of the very many organizations that have already been breached and you don’t know it,” said Larson.
Constantly monitoring the environment to make sure that no unknown traffic is crawling around in the network will help to prevent a data compromise after a DDoS attack. Larson said, “You can imagine that more down in the weeds the impact could be that your environment is being scanned and crawled and floor planned. The bad guys are figuring out what they need to gain access.”
The cost of recovering from an attack is significant, particularly for small and midsize businesses. In a special report on security risks, Kaspersky Labs noted, “On average, a DDoS attack costs SMBs more than $50K in recovery bills, which is significantly more than the typical costs they face recovering from other types of attack.”
For some reason, though, companies still aren’t convinced that investing in security against DDoS attacks is money well spent. The Kaspersky Labs survey found that only around half of respondents (56% of IT professionals) believe that spending money to prevent or mitigate an attack would be worth the investment.
Evgeny Vigovsky, head of Kaspersky DDoS Protection at Kaspersky Labs said, “Protection from DDoS attacks is an important part of risk management, yet only 34% of survey respondents have fully implemented DDoS prevention systems of any type.”
There are many factors to consider in evaluating risks for enterprises, from dependence on online services to other resources. “In most cases, online services--websites, emails, databases--are critical. Without them, normal workflow stops,” said Vigovsky.
“Costs associated with failed online services are bigger than expenses for prevention solutions, but unfortunately, there are still companies that do not include DDoS attacks in their risk management strategy,” Vigovsky continued.
Sign up for CIO Asia eNewsletters.