Research from Kaspersky Lab has found that businesses are not ready to protect themselves against DDoS, with four in ten (39 percent) businesses unclear about the most effective protection strategy to combat this type of attack.
DDoS attacks can quickly incapacitate a targeted business’s workflow, bringing business critical processes to a stop. However, the research found that nearly a fifth (16 percent) of businesses are not protected from DDoS attacks at all, and half (49 percent) rely on built-in hardware for protection. This is not effective against the increasing number of large-scale attacks and ‘smart’ DDoS attacks which are hard to filter with standard methods.
Large-scale cyberattacks are now commonplace, such as the recent attacks on the servers of Dyn, which brought down sites including Twitter, the Guardian, Netflix, Reddit, CNN and many others in Europe and the US. Many businesses are in fact aware that DDoS is a threat to them – of those that have anti-DDoS protection in place, a third (33 percent) said this was because risk assessments had identified DDoS as a potential problem, and one in five (18 percent) said they have been attacked in the past. For some, compliance, rather than awareness of the security threat, is the main driver, with almost half (43 percent) saying regulation is the reason they protect themselves.
The problem for businesses is that, in many cases, they may assume they’re already protected. Almost half (40 percent) of the organizations surveyed fail to put measures in place because they think their Internet service provider will provide protection, and one in three (30 percent) think data centre / center or infrastructure partners will protect them. This is also not always effective, because these organizations mostly protect businesses from large-scale or standard attacks, while ‘smart’ attacks, such as those using encryption or imitating user behaviour, require an expert approach.
Moreover, the survey found that a third (30 percent) fail to take action because they think they are unlikely to be targeted by DDoS attacks. Surprisingly, one in ten (12 percent) even admit to thinking that a small amount of downtime due to DDoS would not cause a major issue for the company. The reality is that any company can be targeted because such attacks are easy for cybercriminals to launch.
The research was part of the Corporate IT Security Risks survey, conducted by Kaspersky Lab in cooperation with B2B International. More than 4,000 representatives of businesses from 25 countries were surveyed on their views on IT security and real incidents they had to deal with.www.kaspersky.co.uk