The Corporate IT Security Risks 2016* study shows that for the majority of victims, DDoS attacks are not a one-off occurrence, with many companies subjected to multiple attacks in the last year. This just goes to show how important constant preventative measures are to ensure uninterrupted operation of online services during an attack.
DDoS attacks affected one in six companies over a 12-month period. The construction industry, IT companies and telecommunication services bore the brunt of these attacks. The majority of companies (79 per cent) reported being attacked more than once, while almost half of victims were attacked four times or more.
Attacks on companies are distinguished not only by their frequency, but also their duration: 39 per cent of attacks were short-lived, while 21 per cent of the companies surveyed said the attacks lasted several days or even weeks. Further adding to the reputational damage is the fact that companies often only find out they are under attack after being informed by external parties. In 27 per cent of cases, companies learned about an ongoing attack from their customers, and in 46 per cent of cases it was a third-party audit organisation that raised the alarm. This is not surprising considering cybercriminals usually attack external resources such as customer portals (40 per cent), communication services (40 per cent) and websites (39 per cent).
"It’s dangerous to view DDoS attacks as some rare occurrence that a company may encounter once, by accident, and with minimal damage. As a rule, if an attack is successful, the criminals will use this tool against a company over and over again, blocking its resources for prolonged periods of time. Unfortunately, even a single attack can inflict large financial and reputational losses and, considering the likelihood of a repeat attack is almost 80 per cent, you can multiply these losses two, three or more times. For a modern company, an anti-DDoS solution is just as necessary as the basic protection against malware and phishing,"says Alexey Kiselev, Project Manager on the Kaspersky DDoS Protection team.
*Corporate IT Security Risks is the annual survey conducted by Kaspersky Lab in cooperation with B2B International. In 2016, we asked more than 4,000 representatives of small, medium and large businesses from 25 countries about their views on IT security and real incidents they had to deal with.