As they face an onslaught of constantly evolving cyber threats to their organizations, CISOs must make decisions about which ones pose the greatest risk, how to best defend against them, and how to budget for each category of threat. Distributed Denial of Service (DDoS) attacks are now high on the list of dangerous threats. A DDoS attack occurs when multiple compromised systems are used to launch an attack on a single target, overwhelming it with junk traffic that takes it offline, or significantly degrades its performance. Either scenario can also distract IT teams to give black hat hackers the chance to exploit other vulnerabilities, to steal data or infect a network with various forms of malware.
There are two main reasons DDoS attacks remain a perennial problem for CISOs: 1) because they are easy and inexpensive to execute, and 2) they can cost an organization millions of dollars in terms of remediation costs, lost revenue, lost productivity, loss of market share, and damage to brand reputation. Some costs can be quantified more easily than others.
Loss of revenue
Downtime can be extremely costly, depending on the type of business and the size of the organization. One hour of downtime for a financial institution versus an hour of downtime for a university network may incur very different costs, but the impact on customers or users is significant in either case. In the past year, Veeam software reported that an hour of downtime from a High Priority application is estimated to cost $67,651, while this number is only a little lower at $61,642 for a normal application. With such a balance between High Priority and Normal in impact costs, it’s clear that “all data matters” and that downtime is intolerable anywhere within today’s environments.” For further evidence of the increasingly costly impact of enterprise server downtime, see this Statistica report for 2019.
Lost productivity
When a business application or service is degraded, or worse, is taken offline completely, that usually means employees can’t work as efficiently, or in many cases, at all. This has become particularly apparent during the COVID-19 pandemic, as a much larger percentage of employees now work remotely and depend on reliable connectivity to collaborate with their colleagues. When factoring in the overall cost of a DDoS attack, CISOs should consider the cost per hour of employee downtime.
Remediation costs
Scrambling to recover IT systems during and after a DDoS attack incurs additional labor costs, such as overtime or the need to use outside consultants. And, the fallout can affect more than just the IT staff; a DDoS attack and the associated downtime can impact a company’s public relations, and strain existing customer support teams who may be scrambling to respond to customer complaints or requests.
Damage to brand reputation
Some industries — such as gaming, hosting, datacenters, and financial services — rely heavily on their reputation for service availability. If customers can’t trust that a vendor will be consistently online and available, they can easily spread the word online, via Google Reviews or other social media channels. To acquire new customers in a highly competitive market a company must maintain a positive reputation.
Loss of market share
DDoS attacks can create customer churn. When an end user is denied access to Internet-facing applications, or if latency issues obstruct the user experience, it can impact the bottom line, because customers who can’t rely on a company to provide consistent service may go elsewhere to conduct their business.
Ransom costs
Although ransomware is a distinctly different type of cyber-attack, in recent years DDoS attackers have increasingly paired DDoS attacks with ransom demands, i.e., attackers threaten an organization by holding their files hostage and threatening to launch a DDoS attack on top of that, unless the organization pays an exorbitant bitcoin ransom fee. It’s not wise to pay a ransom fee, but let’s face it, sometimes companies do. It’s usually not something that makes the news, because organizations don’t want to publicly admit that they have paid a ransom. One exception was the Colonial Pipeline incident earlier this year, in which the company paid $5 million USD in ransom to be freed from its hostage position. And as was the case recently with Ireland’s Health service agency, sometimes cybercriminals test a system by launching DDoS attacks before they install ransomware.
How to Avoid Downtime
DDoS attacks can be short, or long-lasting. Obviously, long-lasting attacks can be more costly, but it’s important to not underestimate the damage that shorter attacks can incur, especially if they are recurrent. Time to mitigation is a significant factor; even seconds of degraded network performance or complete downtime can impact an organization. To defend against either small or large DDoS attacks, instant detection and mitigation is necessary, and that can be accomplished only by having a fully automated, always-on, real-time DDoS mitigation solution.