Corero Network Security has unveiled research from this year’s RSA showing that the most damaging consequence of DDoS attacks is the loss of customer trust.
After polling tech decision makers at RSA, Corero also foud that 34% of respondents felt loss of revenue was the biggest threat.
Dave Larson, Coerero’s chief operating officer, informed us that ‘network or website service availability is crucial to ensure customer trust and satisfaction, and vital to acquire new customers in a highly competitive market. When an end user is denied access to Internet-facing applications or if latency issues obstruct the user experience, it immediately impacts the bottom line.’
DDoS attacks make the media regularly, but get much more attention when there’s actually a firewall failre or a service/website is fully derailed. However Corero’s recent research has found that that there’s been a huge increase in sub-saturation attacks – those which are part of alrge plan, designed to knock one particular aspect of a service or site down as other nefarious activities take place or intelligence is gathered on behalf of the attackers.
Larson noted that small DDoS attacks often escape the radar of traditional scrubbing solutions. Many organizations have no systems in place to monitor DDoS traffic, so they are not even aware that their networks are being attacked regularly.
‘Industry research, as well as our own detection technology, shows that cyber criminals are increasingly launching low-level, small DDoS attacks,’ said Larson. The problem with such attacks is two-fold: small, short-duration DDoS attacks still negatively impact network performance, and-more importantly, such attacks often act as a smokescreen for more malicious attacks. While the network security defenses are degraded, logging tools are overwhelmed and IT teams are distracted, the hackers may be exploiting other vulnerabilities and infecting the environment with various forms of malware.’
Corero also found that many companies rely on upstrea providers to eliminate the attacks, with 30% of respondents saying this was their technique for protection. 85% of those surveyed believe their upstream provider should offer this protection as a service to their subscribers – over half of respondents said they’d pay their provider for this as a premium service.
When looking at the current methods of handling the DDoS threat used by companies, nearly one third (30%) of respondents rely on traditional security infrastructure products (firewall, IPS, load balancers) to protect their businesses from DDoS attacks. ‘Those companies are very vulnerable to DDoS attacks because it’s well-documented that traditional security infrastructure products aren’t sufficient to mitigate DDoS attacks,’ said Larson.