Distributed Denial of Service (DDoS) attacks are rising, with over 33% of organisations facing a DDoS attack in 2017 – compared to 17% in 2016.
According to Kaspersky Lab’s Global IT Security Risks Survey 2017, this development in the cyber threat landscape means businesses are vulnerable to a DDoS attack.
The report found 50% of businesses claim the frequency and complexity of DDoS attacks targeting organisations like theirs is growing every year; 33% of organisations experienced an attack in 2017 – double the amount in 2016; 20% were very small businesses, 33% MBs and 41% enterprises.
Although figures for this year show companies are more likely to experience just one attack – in 2016, 82% faced more than one DDoS attack, compared to 76% this year.
‘Failure of transactions and processes ‘
26% of the organisations that have been hit by DDoS attacks reported a significant decrease in performance of services, and 14% said there was a failure of transactions and processes on affected services.
Many companies also claim that DDoS attacks are being used to cover-up other types of incident – leading to severe financial and reputational damage. In the first half of 2017, over 50% of those respondents affected by a DDoS attack claimed that it was used as a smokescreen.
50% reported that the attack hid a malware infection; 49% said that it masked a data leak or theft; and 42% said that the DDoS attack was used to cover up a network intrusion or hacking.
‘Hiding financial theft’
Another 26% of businesses reported that the attack was hiding financial theft.
Russ Madley, Head of Kaspersky Lab UK, said: “While DDoS attacks have been a threat for many years, it’s still important that businesses take DDoS attacks seriously as they are one of the most popular weapons in a cybercriminal’s arsenal.
“They can be just as damaging to a business as any other cyber crime, especially if used as part of a bigger targeted attack. The ramifications caused by these types of attacks can be far-reaching as they’re able to reach deep into a company’s internal systems.
“Organisations must understand that protection of the IT infrastructure requires a comprehensive approach and continuous monitoring, regardless of the company’s size or sphere of activity.”
Written from press release by Leah Alger