Let's see what happens with the "underrated" DDoS attacks. Today, the potential for businesses to fall victim to cyberattacks is one in five. At the same time, an attack is accompanied by several hours of suspended operations, while the cost of restoring the damages is up to $417.000.
This is a summary of the consequences of a typical DDoS attack, which were analyzed in detail in the recent Corporate IT Security Risks survey conducted by Kaspersky Lab and B2B International in 2015.
According to the survey, 20% of enterprises with 50 or more employees have suffered at least one DDoS attack, with the largest businesses being hit the most (24%). In addition, more than a quarter of DDoS attacks lead to the loss of sensitive data, an unexpected and detrimental consequence for businesses.
The results of previous Kaspersky Lab reports show that DDoS attacks can lead to significant financial loss for small and medium-sized businesses. DDoS attacks are the fourth most expensive type of security breach facing small and medium businesses.
On average, restoring a DDoS attack costs more than $ 50.000 in a small and medium-sized business, much more than the usual costs associated with restoring other types of attacks. Businesses spend a lot to recover from a third-party failure or a digital espionage attack, but the typical financial damage of a DDoS attack is below average for large businesses ($ 417.000 compared to the average of $ 620.000 required for the recovery from other types of attacks).
Small businesses were more likely to lose data as a result of a DDoS attack. In particular, 31% of small and medium-sized enterprises reported data loss compared to 22% of large enterprises.
This shows that small and medium enterprises are struggling to implement effective measures to mitigate the threat of DDoS attacks, often due to limited resources.
The term "DDoS" is used for various attack technologies, and methods to prevent such attacks can be difficult to understand and expensive to implement. In analyzing attitudes to DDoS attacks, it is noted that about half of the companies believe that the additional investment in DDoS attacks prevention technologies is worthwhile.
Variety of losses: shutdown, lost deals, data loss
DDoS attacks last for several hours and can cause a service to be stopped altogether. Some attacks may be even more damaging. The 9% of attacks that trigger a service shutdown last between two days and a week, while in 7% of cases the duration reached several weeks or more. However, damage is not limited to shutdown.
According to those surveyed, 32% of serious DDoS attacks coincided with network intrusions. Although it is difficult to trace two different attacks to a single source, the research results demonstrate that DDoS attacks can lead to additional damage, including loss or theftof sensitive data.
“Enterprises need to reassess their knowledge and perceptions of DDoS attacks. The report clearly shows that the scope of damage from such attacks is not limited to the temporary downtime of a corporate website. Companies report total disruption of their operations and – in some cases – the loss of sensitive data. However, many businesses feel that the mitigation strategy is too complex and costly. The solution to this problem is simple: suppliers must take on the technological challenges themselves, offering an easy to application and use solution for their customers. This is the approach we have chosen for the Kaspersky DDoS Protection solution"
commented Evgeny Vigovsky, Kaspersky Lab Kaspersky Lab's Kaspersky Lab Protection Team Leader.
The full version of the investigation into the implications and perceptions of DDoS attacks is available on the Kaspersky Lab website (PDF)