What is at risk in a DDoS attack on an enterprise website or network? Certainly, there is a financial risk, as revenue will likely be lost as a direct result of the attack. There is the cost of remediation, and affected customers may have to be compensated. There is a legal risk if confidential user data is compromised. Service providers may face financial and legal consequences if they have failed to live up to their SLAs. Then there are intangibles, such as damage to a company’s brand or reputation that will show up down the road in the form of a lost business and falling stock prices.
The consequences of DDoS attacks are severe – and getting worse, according to NETSCOUT Arbor’s 13th annual Worldwide Infrastructure Security Report (WISR). The number of survey respondents reporting revenue loss as a business impact of DDoS attacks nearly doubled in 2017. Those who reported the cost of internet downtime at $501 to $1 000 per minute increased by nearly 60%. Around 10% of enterprises experienced an attack with an estimated cost greater than $100 000, five times more than the previous year. More than half of respondents experienced a financial impact between $10 000 and $100 000, almost twice as many as in 2016. And 57% cited damage to their reputation or brand as the primary business impact of an attack.
Rising C-Level Threat Awareness
As DDoS risks are rising, however, so is management awareness. High-profile DDoS attacks have led to a better understanding of the threat at the executive level. In 2017, 77% of enterprises reported that DDoS was either a part of their business or their IT risk assessments. This is a positive and encouraging trend. It indicates that business leaders are recognizing DDoS protection as a risk management issue.
Companies devote substantial resources and expertise to managing their financial, regulatory, business and market risks and exposure. It’s time to adopt the same posture toward their cyber-security risks, particularly as more of their business goes online, or is dependent on networks connected to the public internet. Do you have the controls in place to ensure continuous service availability and mitigate against the financial, legal and reputational risks that a DDoS attack poses?
More Digital, More Vulnerable
A buzz phrase we hear a lot these days is “digital transformation.” Businesses are investing in technologies that make their operations more efficient through automation, virtualization, the cloud and connectivity. Many are creating new, digitally powered business models that would not have been possible without the convergence of these technologies. Yet security measures are not always keeping pace with this transformation. Internet of Things (IoT), applications, networks and devices are proliferating faster than efforts to secure them, making them ripe targets for attackers. The very technologies that make service delivery more efficient also make enterprises more vulnerable to attacks.
Part of the reason attacks are becoming increasingly devastating is that they are growing in size and complexity. Actors may employ a combination of attack methodologies and strike different attack vectors. Today’s multi-layer threats might combine a large-scale volumetric attack, which seeks to overwhelm bandwidth through sheer force, with stealthy attack targeting some aspect of an application or service at Layer-7. These are the deadliest kind of attacks as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate).
Multi-Layered Attacks Call for A Multi-Layered Defense
Effective DDoS protection requires countermeasures against any and all types of threats. A fully managed hybrid DDoS solution, integrating dedicated on-premise protection with cloud-based mitigation capabilities, is widely considered best practice in DDoS defense. The on-premise component provides sufficient detection and mitigation capabilities against the vast majority of attacks, including application-layer and state-exhaustion attacks which target firewall, IPS and other stateful infrastructure. The cloud component is needed to provide the capacity to counteract large volumetric attacks, which are escalating as high as 600 to 800 Gbps in size. In the hybrid scenario, the two components are intelligently integrated so that cloud mitigation is automatically activated when an attack reaches a designated threshold.
This year’s WISR data underscores the mounting consequences of DDoS attacks – lost revenue, lost customers and lost credibility. An investment in dedicated DDoS protection is an effective hedge against one of your business risks: the loss of service availability and the rippling consequences that result.