Just one hour of a DDoS attack can cost upwards of £30,000.
According to a report by Incapsula, the average cost of one of these types of attacks costs companies an average of £400,000, and 49 per cent of those studied can last between six and 24 hours. However 86 per cent of respondents said that they last for up to 24 hours.
The survey of 270 North American businesses found that almost half (45 per cent) of the respondents indicated their organisation had been hit at some point. Of these almost all
(91 per cent) reported an attack during the last 12 months, and over two-thirds (70 per cent) were targeted two or more times.
In terms of intent, 40 per cent of participants believe the perpetrators were attempting to flood their organisation’s network, 25 per cent surmised that attackers were trying to cause an outage by targeting specific applications, and 33 per cent believed both were the motivating factors.
Adrian Sanabria, senior security analyst at 451 Research, told IT Security Guru that denial of service and DDoS attacks are still popular because they’re still effective.
“It is simply a question of economics,” he said. “It is incredibly cheap to generate a crippling attack and very expensive to defend against it. As long as that continues to be true, it will continue to be a tool used by those that simply want to do damage. Another way we’ve seen it used is as a distraction – launch a DDoS attack to grab everyone’s attention while the real attack is to hack in and gain access to lucrative data.”
He said that DoS attacks never stop and for years now, there’s never a second of any day 365 days a year, when a DoS attack somewhere and against someone isn’t underway. “It has become a constant white noise of the internet,” he said
The Incapsula report found that anywhere from seven to 15 staff are required when it comes to mitigate an attack, with 27 per cent reporting that their organisation used 15 or more people.
Asked about the “always on” model versus an emergency service, Sanabria said that the “always on” model is absolutely the future of anti-DDoS.
He said: “It was cheaper to just turn something on when you needed it, rather than to pay for it all the time. The problem with this approach was the attack would succeed 100 per cent of the time, since mitigation was a manual process. More and more, we’ll see anti-DDoS becoming a baked-in service.”