As costly as DDoS attacks can be for businesses in terms of mitigation, site restoration, and even lost revenues, the most damaging effect is the loss of customer trust, according to nearly half of IT security professionals surveyed by Corero. The company’s second annual DDoS Impact Survey also highlights the risk of small-scale DDoS attacks, which have become cheaper and easier for attackers to deploy, and therefore more common.
Those attacks can have major negative consequences for businesses, even without direct revenue losses. Forty-five percent of those surveyed said losing customer trust and confidence is the most damaging consequence of DDoS attacks, while 34 percent said their business suffered most from lost revenues.
“Industry research, as well as our own detection technology, shows that cyber criminals are increasingly launching low-level, small DDoS attacks,” Dave Larson, COO at Corero Network Security said in a statement. “The problem with such attacks is two-fold: small, short-duration DDoS attacks still negatively impact network performance, and—more importantly, such attacks often act as a smokescreen for more malicious attacks. While the network security defenses are degraded, logging tools are overwhelmed and IT teams are distracted, the hackers may be exploiting other vulnerabilities and infecting the environment with various forms of malware.”
“Network or website service availability is crucial to ensure customer trust and satisfaction, and vital to acquire new customers in a highly competitive market,” Larson said. “When an end user is denied access to Internet-facing applications or if latency issues obstruct the user experience, it immediately impacts the bottom line.”
Small attacks are also worrying for cybersecurity professionals because of their frequency, and almost one-third of respondents are experiencing network attacks weekly or even daily. Larson said small attacks can go unnoticed by scrubbing solutions, and that many organizations are not aware they are being attacked frequently.
While 30 percent of those surveyed rely on upstream service providers for DDoS protection, 85 percent indicated a desire for more DDoS security services from those providers, and half said they would pay their ISP for a premium service blocking DDoS traffic before it reaches them. Over one-third said they would allocate 5 to 10 percent of their current ISP spend to such a service.
With 30 percent now using traditional infrastructure products like firewalls and load balancers to protect against DDoS attacks, despite the evidence that they do not work, Corero sees a big potential market for its DDoS inspection and mitigation solutions.
Companies suffering costly DDoS attacks recently include DIY website builder Moonfruit and encrypted email provider ProtonMail. Time will tell how damaging the attacks are to their customers’ trust and confidence.