DDoS attacks on businesses: Not just once, but many times

DDoS attacks are not a one-off occurrence, with many companies subjected to multiple attacks in the last year, according to the Corporate IT Security Risks 2016 study, an annual survey conducted by Kaspersky Lab in cooperation with B2B International.

The results of the study show how important constant preventive measures are to ensure uninterrupted operations of online services during an attack.

DDoS attacks affected one in six companies over a 12-month period. The construction industry, IT companies and telecommunication services bore the brunt of these attacks. The majority of companies (79%) reported being attacked more than once, while almost half of victims were attacked four times or more.

Attacks on companies are distinguished not only by their frequency but also their duration. 39% of attacks were short-lived while 21% of the companies surveyed said the attacks lasted several days or even weeks.

Furthermore, adding to the reputational damage is the fact that companies often only find out they are under attack after being informed by external parties. In 27% of cases, companies learned about an ongoing attack from their customers and in 46% of cases, it was a third-party audit organisation that raised the alarm. This is not surprising considering cybercriminals usually attack external resources such as customer portals (40%), communication services (40%) and websites (39%).

“It’s dangerous to view DDoS attacks as some rare occurrence that a company may encounter once, by accident and with minimal damage. As a rule, if an attack is successful, the criminals will use this tool against a company over and over again, blocking its resources for prolonged periods of time. Unfortunately, even a single attack can inflict large financial and reputational losses and considering the likelihood of a repeat attack is almost 80%, you can multiply these losses two, three or more times. For a modern company, an anti-DDoS solution is just as necessary as the basic protection against malware and phishing,” says Alexey Kiselev, Project Manager on the Kaspersky DDoS Protection team.