In February 2013, Neustar, a trusted, neutral provider of real-time information and analysis, surveyed 704 IT professionals across North America and Europe to understand how companies are managing the crisis around DDoS attacks and measuring the impact on their businesses.
Among the key findings from the survey, 35% of organizations experienced a disruptive DDoS attack in 2012. Of those surveyed, a staggering 39% of retailers and 41% of ecommerce businesses experienced an attack last year. Additionally, more than a quarter of respondents (26%) indicated a DDoS outage could cost between $50-100k per hour, further showcasing the need for a strategy around DDoS protection and mitigation.
“Preparation is key: The consequences of being unprepared to mitigate a DDoS attack can be crippling to businesses,” said Alex Berry, Senior VP, Enterprise Services, Neustar. “It isn’t just about possible revenue loss – it’s about erosion in trust, brand value and reputation.”
Additional survey findings include:
- Key sectors reported higher rates of attack: The number of retailers experiencing an attack increased by 144 % from 2011 levels to reach an overall level of 39% in 2012; financial organizations experienced a 38% increase in attacks year-to-year with 44% of financial organizations being victimized in 2012.
- Though more companies are deploying DDoS protection—only 8% had no protections in place compared to 25% in 2011—few have invested in purpose-built hardware or third-party expertise.
- The latter is alarming; while 66% of companies use firewalls, routers and switches for DDoS protection, these networking products create bottlenecks that actually aid attackers.
The survey found a 10% increase year-to-year in the use of firewalls, switches and routers as defensive mechanisms, but the reality is that these means can compound the effects of DDoS attacks by bottlenecking the traffic.
According to an IDC Research report from February 2013: “Given the complex nature of today's threats, enterprises can achieve a strategic advantage by employing a new layer of security that is services based. Cloud-based services are an important aspect of this approach to security and provide always-on monitoring without the added expense of buying and maintaining on-premise equipment.”