More than two-thirds of organizations experience between 20 to 50 DDoS attack attempts each month, according to Corero Network Security.
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- 91% of security professionals said that individual DDoS attacks can cost their organizations up to $50,000 in lost business, attack mitigation, and lost productivity. — Corero Network Security, 2018
- 78% of security professionals said the loss of customer trust and confidence is the most damaging effect of DDoS attacks on businesses. — Corero Network Security, 2018
Of the 327 security professionals surveyed, 91% said that individual DDoS attacks can cost their organization up to $50,000 per attack, when accounting for lost business, the cost of mitigation, and lost worker productivity. This is a major problem, as 69% of respondents said their enterprise experiences between 20-50 DDoS attack attempts per month, or roughly one per day.
Despite the monetary impact, the majority of security professionals (78%) said the loss of customer trust and confidence was the single most damaging effect of DDoS attacks on businesses. This was followed by the risk of intellectual property loss, and the threat of malware infection associated with the attack. The lost revenue was only considered to be the fourth most damaging consequence, the report found.
SEE: Incident response policy (Tech Pro Research)
"DDoS attacks can have an immediate and damaging impact on a company's bottom line, both in terms of lost revenue and the costs incurred in terms of manpower required to mitigate attacks," Ashley Stephenson, CEO at Corero Network Security, said in a press release. "Not all DDoS attacks will cost an organisation $50,000, but having your website taken offline can damage customer trust and confidence. It will also impact the ability of sales teams to acquire new customers in increasingly competitive markets. These attacks cause lasting damage to a company's reputation and could have negative consequences for customer loyalty, churn and corporate profits."
Security professionals are more concerned about DDoS attacks this year than in the past, due largely to the increasing number of unsecured Internet of Things (IoT) devices used in homes and offices. These attacks are also becoming more difficult to mitigate, the report found: 66% of security pros said that more than 15 employees are typically involved in stopping the threat after an attack.
DDoS attacks are growing more complex, and sometimes act as a distraction for more serious illegal activity, the report noted. Some 85% of security professionals said they believe that DDoS attacks are used by attackers as a smokescreen for data breach activity, the report found. And 71% said that their organization has experienced a DDoS attack with a ransom.
"Hackers will gladly take advantage of distracted IT teams and degraded network security defences to exploit other vulnerabilities for financial gain," Stephenson said in the release. "Considering the huge liability that organisations can face in the event of a data breach, IT teams must be proactive in defending against the DDoS threat and monitor closely for malicious activity on their networks."
- Special report: Cybersecurity in an IoT and mobile world (free PDF) (TechRepublic)
- Memcached DDoS: The biggest, baddest denial of service attacker yet (ZDNet)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Brazil hit by 30 DDoS attacks per hour in 2017 (ZDNet)
- Massive DDoS attack lasts for 277 hours, highlighting growth of extended attacks on businesses (TechRepublic)