Distributed Denial of Service (DDoS) attacks, such as those that have had the financial sector on high alert since September, make the headlines on an almost daily basis. With some of the biggest organizations in the world falling prey to the tactic, one might think that many, if not most, members of the general public have at some point been inconvenienced by a DDoS attack. Yet according to a new study commissioned by Public Interest Registry (PIR), the nonprofit operator of the .ORG domain, the majority of Americans (85%) are "uninformed or ill-equipped to deal with a DDoS attack."
The survey also revealed that only 17% of respondents understood what the acronym D-D-o-S stands for, and 77% admitted flat out that they really had no idea what the commonly used abbreviation even means.
“These findings only show that there is real misunderstanding about DDoS across all ages and levels of expertise, so we must do our part to engage with other Internet service providers and registry operators worldwide to discuss how we can be better prepared and prevent future attacks,” said PIR CEO Brian Cute in a press release on the study.
Additional findings from the PIR study reveal:
- The higher the household income, the more knowledgeable Americans were on the subject of DDoS attacks
- Respondents with college degrees were not more likely than those without a degree to correctly identify DDoS or know how to respond to an attack
- Men were generally more informed on the subject of DDoS attacks than women, with 24% of men correctly identifying DDoS as a type of network attack, compared to 10% of women
- Only 36% of Americans would know whom to consult in the event of a DDoS attack; nearly half of respondents 65 years and older know where to find help, compared to only 28% of those 18-24 years old
“It’s in all of our interests – public and individual – to ensure that the Internet remains a safe and protected place for all users... At PIR, we pride ourselves on being a name that people trust, and we’re committed to helping strengthen the safety and security of the Internet by providing the information people need to protect themselves from these attacks,” Cute said.
DDoS attacks are known to be increasing in both frequency and severity. A recent study by the Ponemon Institute and security provider Radware found that as many as 65% of organizations reported being the victim of at least three DDoS attacks in the past 12 months. Another study carried out by Vanson Bourne earlier in the year found that 38% of enterprise survey respondents experienced at least one attack in the past 12 months, and both studies found that the attacks were fairly evenly spread across all industry sectors.
“No organization connected to the Internet is exempt from possibly experiencing a DDoS attack,” said Stephen Gates, Security Evangelist at Corero Network Security.
Gates notes that today’s traditional technologies like firewalls and IPS solutions were not designed to stop application layer DDoS attacks, and that many of the attackers know this. In fact, in some DDoS attacks, network disruptions may not even be the end goal, as the attackers may be seeking to create a diversion in order to penetrate a network and carry out a more serious attack. Gates says that in order to do that, they may actually target the network's firewall.
"What organizations put in place to protect them actually is being used against them," said Gates. "A new first line of defense has to be put in place to stop unwanted traffic before it hits the firewall and IPS – allowing those technologies to do the jobs they were built to do."
Those concerned about their organization's potential for exposure to DDoS attacks are encouraged to take a free DDoS preparedness assessment test, which provides a customized evaluation and subsequent recommendations based on answers to a short questionnaire. The DDoS Preparedness Test, which employs a series of analytical algorithms, can be conducted in a matter of minutes.