The Corporate IT Security Risks 2016 study shows that for the majority of victims DDoS attacks are not a one-off occurrence, with many companies subjected to multiple attacks in the last year. This just goes to show how important constant preventative measures are to ensure uninterrupted operation of online services during an attack.
DDoS attacks affected one in six companies over a 12-month period. The construction industry, IT companies and telecommunication services bore the brunt of these attacks. The majority of companies (79%) reported being attacked more than once, while almost half of victims were attacked four times or more .
Attacks on companies are distinguished not only by their frequency but also by their duration: 39 percent of attacks were short-lived, while 21 percent of the companies surveyed said the attacks lasted several days or even weeks. Further adding to the reputational damage is the fact that companies often only find out they are under attack after being informed by external parties. In 27 percent of cases companies learned about an ongoing attack from their customers, and in 46 percent of cases it was a third-party audit organization that raised the alarm. This is not surprising considering cybercriminals usually attack external resources such as customer portals (40 percent), communication services (40 percent) and websites (39 percent).
“It’s dangerous to view DDoS attacks as some rare occurrence that a company may encounter once, by accident, and with minimal damage. As a rule, if an attack is successful, the criminals will use this tool against a company over and over again, blocking its resources for prolonged periods of time. Unfortunately, even a single attack can inflict large financial and reputational losses and, considering the likelihood of a repeat attack is almost 80 percent, you can multiply these losses two, three or more times. For a modern company, an anti-DDoS solution is just as necessary as the basic protection against malware and phishing,” said Alexey Kiselev, Project Manager on the Kaspersky DDoS Protection team.