One in Three Companies Suffered One or More Distributed Denial of Service (DDoS) Attacks in Last Twelve Months Finds Research

Motivations for Attacks Differ Dramatically Between UK and US

LONDON, UK., February 23, 2012 — One in three organisations (31%) has suffered one or more Distributed Denial of Service (DDoS) attacks in the last 12 months, according to independent  research commissioned by Corero Network Security (CNS: LN), the leading provider of DDoS Defence and Intrusion Prevention System (IPS)  solutions. The research amongst IT directors in 300 mid-to large-sized enterprises in the UK and US also found US companies were twice as likely as those in the UK to have experienced an attack: 38% of US companies versus 18% of UK companies. 

Conducted by VansonBourne, the research also revealed a much greater level of concern amongst US enterprises, reflecting the increased exposure of US companies to DDoS attack.  Nearly two thirds (63%) of US IT directors said they are concerned about the threat of DDoS attack against just 29% in the UK.  Retail companies in the UK are particularly worried with more than half (52%) reporting a high level of concern about DDoS attacks.  This is far higher than the concern cited by financial organisations (28%), manufacturing (11%) and other commercial sectors (7%) in the UK.

US companies across all verticals showed a heightened level of awareness and concern about attacks. 

Political/ideological motivation was cited as the largest source of DDoS attack among UK companies reporting attacks, with a third blaming what is known as “hacktivism”. The different vertical markets in the UK also revealed a marked variation in the motivations behind attacks. The retail sector in the UK considers financial extortion either for fraud or to extract ransom money to be the primary intention, whilst in the finance sector, political or ideological motives are the main reasons for the attacks. 

In the US, however, a competitor seeking unfair business advantage was by far the leading motivation, as unscrupulous competitors were blamed for more than half (52%) of the DDoS attacks amongst the US companies that reported being victims. In contrast, only one in five victim companies in the UK said competitors were responsible.

Whilst levels of concern about the risk of DDoS attacks varied significantly between UK and US respondents, three in five (62%)  IT directors claimed to have technology in place to protect their organisations against attack.  However more than half (53%) of companies surveyed were still concerned about potential attacks.

“The UK was more cautious in deploying web business assets therefore they have not been as exposed as their US counterparts. As they deploy web applications they tend to do so in a more cautious protected manner and because of this may be experiencing less disruptive DDoS attacks. As the sophistication of attacks rises their numbers will become more in line with the US,” said Richard Stiennon, chief research analyst at IT-Harvest.

“DDoS is a major, growing and evolving threat to global Internet commerce,” said Andrew Miller Chief Operating Officer at Corero Network Security plc in the UK. “High-profile ideologically motivated attacks by groups such as Anonymous have raised awareness of ‘hacktivist’-based DDoS attacks, but any enterprise may fall victim to unscrupulous competitors or cyber criminals. 

“IT directors who believe they are protected against DDoS attack because they have traditional perimeter security technology, such as network firewalls, in place, may be lulled into a false sense of security. These companies should consider purpose-built DDoS defence technology to block attacks and maintain continual availability lest the business suffer significant loss.”