According to research carried out by Kaspersky Lab and B2B International, only 50% of companies regard countermeasures against DDoS attacks as an important component of IT security. This means that the other 50% of companies may prove to be unprepared for a sudden attack, which could damage both their finances and their reputation as a result of the unavailability of Internet services.
A total of 3,900 respondents from 27 countries – including representatives from companies of all sizes – took part in the survey.
Different industries have different views on how important it is to protect against DDoS attacks. For example, 60% of financial institutions, energy companies and utility services are conscious of the need for protection against DDoS attacks. This is the highest percentage of any industry, according to Kaspersky Lab. But it seems quite low considering that IT continuity is critical for these organizations, as they affect the well-being of many people. There is also a noticeable difference of opinion among organizations of different sizes: only 38% of small businesses consider protection against DDoS attacks an important component of IT security, but for big companies this figure reaches 60%.
In recent years, DDoS attacks have become a common tool for cybercriminals and their clients. There are many different reasons for organizing these attacks – hooliganism, dishonest competition, blackmail, etc. Currently, the price to order a large-scale attack starts from just $50. Each year brings increasing numbers of DDoS attack schemes, so IT professionals at any company need to consider ways of protecting against them. According to the research, 23% of companies include maintaining the continuity of business processes in the top 3 most important tasks of their IT services.
Interestingly, the survey found no clear correlation between the level of threat faced in reality and the recognition of the need for DDoS protection. For instance, the sectors with public-facing online services most affected by these incidents included IT companies (49%), e-commerce (44%), telecom (44%) and the media (42%). At the same time, countermeasures against DDoS were named as important by 53% of telecoms companies, 50% of IT businesses and only 41% of e-commerce and 38% of media companies. The figure for the media was the lowest of any segment, despite the media being among the four most frequently attacked industries. Yet media organizations that are unable to access and provide Internet services are severely restricted in their core business activities. One recent case affected the Serbian website InSerbia News, which in October of this year was unavailable to readers for several hours because of a continuous attack.
“Even if a company does not have a public-facing website, its finances and reputation can be seriously affected by DDoS attacks. It is known that DDoS can be organized not only to incapacitate online services or for ransom but also to mask other cybercriminal activities such as targeted attacks on the company to gain access to its confidential data. Therefore, protection against DDoS attacks is not reinsurance but a logical precaution important for any company that has business processes dependent on Internet services. To provide this protection, companies should use specialized solutions from vendors who have a wealth of experience and expertise in combating cyberthreats”, said Eugene Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab.
[Download PDF] Global IT Security Risks Survey 2014 – Distributed Denial of Service (DDOS) Attacks