agsandrew - Fotolia
More than seven in ten global brands were hit by distributed denial of service (DDoS) attacks in 2015, a report has revealed.
Few organisations were spared DDoS attacks, according to the latest survey by communications and analysis firm Neustar.
The survey of 1,000 IT professionals revealed that 73% reported DDoS attacks in 2015, with 82% suffering repeated attacks and 57% suffering subsequent theft.
With the bombardment fairly constant throughout 2015, it is no longer a matter of if or when attacks might happen – but how often and how long the attack will last, the report said.
Faced with this ongoing onslaught, the report demonstrated that increasingly DDoS-defence savvy organisations are arming themselves accordingly.
The research results show that – although revenue loss caused by a DDoS-related outage is usually the main concern – 57% of all breaches involved some sort of theft.
This includes the theft of intellectual property, customer data, financial information and money. Following the initial attack, 45% of organisations reported the installation of malware.
Half the organisations polled said they would lose at least $100,000 an hour in a peak-time DDoS-related outage, with a third saying they would lose more than $250,000 an hour; while 42% said they needed at least three hours to realise they were under DDoS attack.
Read more about DDoS attacks
- Average DDoS attacks fatal to most businesses, report reveals.
- There is a real concern that many companies are being affected by the DDoS attacks commissioned by competitors, according to Kaspersky Lab.
- Smaller DDoS attacks can be more dangerous than a powerful attack that knocks a company offline but does not install malware or steal data, warns Neustar.
- Attackers have discovered new ways to conduct DDoS attacks. Expert Nick Lewis explains how they work, and what enterprises can do about them.
Companies organise to fight back
The research highlights the fact that, although DDoS attack tactics continue to evolve from single, large attacks intended to take a website offline to multi-vector attacks, organisations are fighting back.
The report shows that 76% of companies are investing more in DDoS protection than in 2014 and 47% of the attacked organisations are participating in security groups to share information on threats and counter measures.
More than 70% of financial services firms attacked experienced some form of theft and 38% found viruses or malware activation after an attack. As a result, 79% of financial services organisations are investing more in DDoS protection this year.
“The findings of our most recent report are clear: attacks are unrelenting around the world but organisations are now recognising DDoS attacks for what they are – an institutionalised weapon of cyber warfare – and so are protecting themselves,” said Rodney Joffe, head of IT security research at Neustar.
“We present the data from our third DDoS survey as a means to inform the public of the dangers associated with DDoS attacks, and advance a conversation about the importance of multi-layered cyber security.
“This should be a discourse that reaches from security through to marketing as, when a DDoS attack hits, the reverberations are felt like a domino effect throughout all departments,” he said.
The future of IoT security
For the first time the survey asked respondents to consider what the future portends for companies deploying IoT connected devices, providing insight into why security needs to be a central tenet for devices in the future.
The survey found that, while 63% of companies have internet of things (IoT) devices already deployed, only 34% have security measures in place – indicating the IoT is opening up threat vectors with too few organisations focused on preventing connected devices from being compromised.
Hank Skorny, Neustar IoT expert, said that, although IoT is already here, the internet was never built with security in mind. “By 2017, 81% of organisations will have devices deployed to collect and analyse data, so today we have the opportunity to learn from our mistakes and make security a cornerstone of every IoT device moving forward,” he said.
From design conception, said Skorny, every IoT device, sensor and software system needs a multi-tiered security driven approach – including timely patches and updates.
“Just as important, or perhaps more so, is for security to be an intrinsic part of every network. Every IT professional knows it can take just one successful hack on an IoT device to access and compromise an entire network,” he said.
“As IoT devices continue to become ingrained into our electrical grid, hospitals, assembly lines and other essential areas of life, the stakes are simply too high to leave security to chance."