DDoS Attacks are Increasing in Frequency and Severity - Study

By Anthony Freed | November 16, 2012

Posted in: Network Security Trends

What’s this? Another bout of website downtime? It could be just a glitch, a hardware component failure, or a pesky case of file corruption, but more than ever it is likely to be the result of a Distributed Denial of Service (DDoS) attack like those that have had the financial sector on high alert since September. A newly released study conducted by the Ponemon Institute and Radware reveals that as many as 65 percent of organizations reported being the victim of at least three DDoS attacks in the past 12 months. And despite the fact that the attacks can cost businesses tens of thousands of dollars for every minute of downtime, fewer than half of the organizations in the study reported that they are actively monitoring their networks for warning signs of an oncoming DDoS attack.

“The average amount of downtime after a DDoS attack is 54 minutes which can cost an organization $22,000 per minute,” Avi Chesla, Chief Technology Officer for Radware, told Security Bistro. “Unfortunately, there is no shortage of cyber attacks and we are being outpaced. They are rising exponentially and not enough organizations are vigilant enough to monitor them. In order to prevent these attacks, you need to be extremely proactive in your approach as well as have a multi-layered attack mitigation plan in place and a response team that is trained to work ‘under-fire’ for a long attack campaign period. In essence, you need to work smarter and not harder.”

The Ponemon study, titled Cyber Security on the Offense: A Study of IT Security Experts, surveyed more than 700 IT security practitioners responsible for managing their organization’s cyber security needs at companies across multiple verticals including financial services, the public sector and healthcare providers. Findings show that DDoS attacks cost companies around 3.5 million dollars every year in lost traffic, diminished end-user productivity, and lost revenues.

Participants also noted a recent shift in their organization’s security objectives, ranking denial-of-service (DoS) and DDoS as two of the top three threats, unlike the past few years where many organizations focused on confidentiality and integrity-based attacks. Stephen Gates, Security Evangelist at Corero Network Security, confirms that the findings are consistent with results from a study commissioned by Corero that measured a marked increase in DDoS attacks across all sectors.

“DDoS attacks are on the rise and they are increasing in frequency and severity. According to the study carried out by Vanson Bourne earlier in the year we observed that 38% of survey respondents experienced at least one attack in the past 12 months and the attacks were spread across all sectors. No organization connected to the Internet is exempt from possibly experiencing a DDoS attack,” Gates said.

The majority of respondents in the Ponemon study gave their organizations an average or below-average rating for their ability to launch countermeasures, with 75% of organizations relying only on anti-virus and anti-malware to protect themselves from attacks. Those solutions are not effective against DDoS attacks, which highlights the need for innovative approaches to network defense.

Gates also points out that, in addition to the common flooding attacks, the newer “low-and-slow” application-layer DDoS attacks, which fall below the bandwidth consumption radar, are growing in frequency and require a new approach.

“Today’s traditional technology, like firewalls and IPS solutions, were not built to stop application layer attacks and the attackers know this. In fact, the DDoS attack may not be the end goal. Attackers may be launching one to cause a diversion in order to penetrate the network and carry out a more insidious attack. And to do that they sometimes actually target the firewall, for example. So what organizations put in place to protect them actually is being used against them. A new first line of defense has to be put in place to stop unwanted traffic before it hits the firewall and IPS – allowing those technologies to do the jobs they were built to do,” said Gates.
