DDoS attacks run rampant: Can anything stop them?

One of the oldest weapons in a hacker’s arsenal is still one of the most effective: the Distributed Denial of Service (DDoS) attack. 

Almost half of all companies responding to an Arbor Networks survey reported being the victim of a DDoS attack. The ways these attacks were conducted were almost as varied as the reasons for them.

Victims reported that among other things, attacks were motivated by:

  • nihilism or vandalism (37%)
  • criminals demonstrating their abilities to potential customers (28%)
  • misconfiguration/accidental (21%)
  • rival organizations (21%), and
  • extortion attempts (20%).

While 88% of attacks lasted less than one hour, an outage of any length can have a serious impact on the bottom line. And to make matters worse over a third of organizations had their firewall or IPS devices experience a failure or contribute to an outage during a DDoS attack according to the report.

Preventing DDoS attacks

There are plenty of options out there for preventing or limiting the effects of a DDoS. That’s the good news.

The bad news: These won’t come cheap, and it’s hard to say when you’ll need them.

For many small and midsize businesses, the most realistic threat from a DDoS comes from extortion. Hackers contact you warning they’ll take out your services unless they’re paid a bribe in exchange.

According to Arbor Networks, the most common attack mitigation techniques were:

  • intelligent DDoS mitigation systems (70%)
  • access control lists (63%)
  • destination-based remote triggered blackhole (43%), and
  • firewalls (40%).

How effective any of these measures are (or how effective any combination of them is) is difficult to estimate. Failed attempts or attacks that were deemed unrealistic won’t always show up. But those who did suffer attacks had a variety of fallout, including:

  • operational expenses (40%)
  • reputation damage/customer loss (37%), and
  • revenue loss (20%).

In short, these attacks have stuck around for a reason. And while there’s no silver bullet, it’s still up to companies to have a plan in place for mitigating attacks or a plan for how much of a business disruption can be tolerated instead.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy