The new study explores the attitudes to and preparedness for Distributed Denial of Service (DDoS) attacks of IT managers from organisations in 11 countries and regions around the world. It reveals that 49 per cent of UK organisations have a response plan in place with only eight per cent believing they have sufficient resources in place to counteract an attack.
Furthermore, DDoS attacks are seen as a key concern by more than 36 per cent of UK organisations. Globally the worry is even greater, with almost twice as many organisations feeling threatened by such attacks.
These statistics are shocking given the fact that 41 per cent of organisations were hit by DDoS attacks over the past year, with 78 per cent targeted twice or more in the same year.
DDoS attacks can cause major disruption for organisations; they can take down an organisation’s website, overwhelm a datacentre or generally cause networks to grind to a halt and become unusable. They are also increasingly becoming more complex and difficult for organisations to fend off.
This belief was echoed by 59 per cent respondents, who agreed that DDoS attacks are becoming more effective at subverting their organisation’s IT security measures. Attackers are often adopting hybrid, or multi-vector, attack tactics which involve attacks through multiple platforms. These have increased by 41 per cent during the past year.
Multi-vector attacks pose increased complexity and risk as they involve multiple attack methods deployed simultaneously. These often require a dedicated mitigation team to track and combat the threat across multiple fronts, as automated systems are less likely to be able to offer adequate protection.
Mark Hughes, president of BT Security, said: DDoS attacks have evolved significantly in the last few years and are now a legitimate business concern. They can have a damaging effect on revenues and send an organisation into full crisis mode. Reputations, revenue and customer confidence are on the line following a DDoS attack, not to mention the upfront time and cost that it takes an organisation to recover following an attack. Finance, e-commerce companies and retailers in particular suffer when their websites or businesses are targeted.
The impact that DDoS attacks can have on organisations is felt in the length of time it takes them to recover from their most severe attack. On average, organisations take 12 hours to fully recover from an especially powerful attack longer than an entire working day. In the UK, 58 per cent IT decision makers admit that DDoS attacks have brought down their systems for more than six hours almost a full working day.