A recent TripWire study highlights the growing problem of cyberattacks, and whether IT staff feel that their companies have the right combination of skills and technology to cope with various types of cyber threats. Top concerns were (in order of importance) ransomware, distributed denial of service (DDoS) attacks, malicious insiders, phishing and vulnerability exploits.
According to the study, 60% of IT professionals surveyed felt that they have the right skills to defend against distributed denial of service (DDoS) attacks, and 63% felt they have the right technology to handle such attacks. That’s a slim majority of the sample; given the increasing prevalence of DDoS attacks, it’s not very reassuring to think that 40% of IT security professionals feel ill-equipped to handle a DDoS attack. One wonders how their customers would feel if they knew that.
Granted, some companies are more vulnerable to DDoS attacks than others. Internet Service Providers and Hosting Providers typically experience DDoS attacks on a daily basis, partly because they have such large surface areas for attacks, and partly because an attack on them can affect multiple downstream customers (sort of like “killing two birds with one stone.”) However, regardless of one’s profile or attack surface, every network is vulnerable to a DDoS attack. Hackers have many motives, but essentially their goal is to either steal your sensitive data or crash your website.
DDoS attacks come in all sizes, great and small. Most companies fear the large, volumetric attacks that can crash a website or network. However, such attacks are relatively uncommon. More common are the short, sub-saturating attacks that can mask a security breach. Because most companies possess some form of sensitive data—whether it is customer credit card information, email addresses, social security numbers, or intellectual property—most companies should be concerned about DDoS attacks because they can open the door to security breaches.
Companies face a myriad of cyber threats, but DDoS attacks are both a web availability threat and a security threat. If 40% of companies lack the skills or technology to handle a DDoS attack, that’s cause for concern, for both the companies and their customers. (A Corero survey indicates that loss of customer trust and brand reputation are consequences of DDoS attacks.)
For more information, contact us.