What Security Professionals Say About the Nature of DDoS Attacks

Over the past few years, we’ve seen DDoS attacks on what seems to be a never-ending increase. There are numerous causes, from tools becoming so accessible that even children can use them to the simple fact that DDoS attacks don’t require any specific vulnerabilities or weaknesses to exploit.

But, really, how useful is it to know that the next twelve months will likely show yet another growth in the number of DDoS attacks? Knowledge of increasing attacks doesn’t equal better protection or mitigation.

Instead, we all need to focus on the nature of DDoS attacks – where they’re targeted, why they happen, and our attitudes towards them.

At the Infosecurity Europe conference in London, 100 security professionals were asked for their observations. These were the results:

DDoS attacks are widespread, from start-up to government

For many years, large-scale DDoS attacks were considered as something for financial institutions and governments to worry about. Botnets were more difficult and time-consuming to configure – the attackers with the necessary skill set focused their attention on the most visible or financially lucrative targets.

Today, security professionals say anyone could be a target.

More than half of survey respondents said that the UK’s Brexit negotiations would be affected by DDoS attacks, either through disruption or using DDoS attacks as a distraction from data theft.

On the smaller, more localised end of the spectrum, individual businesses are being targeted for the sake of ransom. Almost half of the professionals expected their own businesses to receive a DDoS-based ransom demand in the next twelve months – and more than 60% said their leadership was likely to pay.

Every business is a target. Every business needs effective protection.

Compliance highlights the consequences of DDoS

In a DDoS attack, operations are disrupted or stopped, critical systems may go offline, and delivering effective customer service becomes impossible. This may translate fairly immediately into lost revenue and a tarnished reputation.

According to IT security professionals, the increasing presence of regulatory compliance adds new levels of pressure to handling DDoS attacks. 63% said they were worried about the hidden effects of DDoS attacks on a network, such as data theft, in light of the fast-approaching GDPR deadline.

DDoS attacks have always been damaging but, with severe penalties for failing to comply to standards like GDPR, the potential impact is bigger than ever.

Businesses recognise the need for DDoS mitigation

Internet Service Providers still have a key role to play in protecting customers against DDoS threats. The survey shows overwhelming expectations for increased ISP regulation around DDoS in the future.

However, more and more businesses understand that ISP’s are not solely responsible for analysing and scrubbing malicious traffic. 60% of respondents considered their own security teams fundamentally responsible for handling the DDoS threat – a sense of accountability that’s historically been lacking in individual businesses.

As businesses take on more responsibilities, demand for DDoS detection and protection is growing. But finding cost-effective yet capable solutions remains a difficult challenge. Even among security professionals, less than a third of teams have enough visibility to mitigate attacks that last less than 30 minutes.

Corero Network Security is the leader in real-time, high-performance DDoS defence solutions. Service providers, hosting providers and online enterprises rely on Corero’s award winning technology to eliminate the DDoS threat to their environment through automatic attack detection and mitigation, coupled with complete network visibility, analytics and reporting. This industry leading technology provides cost effective, scalable protection capabilities against DDoS attacks in the most complex environments while enabling a more cost effective economic model than previously available.

Written by