Over half of all UK telecommunications and ecommerce firms surveyed experienced downtime due to DDoS attack last year
United Kingdom: Neustar, a trusted, neutral provider of real-time information and analysis has announced its findings from DDoS Threats in the UK, a survey of IT professionals across the United Kingdom to understand the impact of DDoS attacks and how companies are managing the crisis. Among the key findings from the survey, a staggering 22% of UK companies were found to have experienced a disruptive attack in 2012. In key industries, the risk of attack varies with 53% of telecommunications firms and 50% of ecommerce businesses surveyed reporting attacks last year.
When DDoS attacks hit, organisations are thrown into crisis mode – from IT departments right through to call centres, boardrooms and beyond. Attacks can inflict a grave toll on revenues, but the damage often goes further than financial loss. Brand value erodes, along with public reputation and customer trust. To establish genuine insight into the impact of these attacks, Neustar surveyed 381 UK-based IT professionals in security, compliance or management roles in April 2013, with respondents sharing details about attacks, defences and financial losses.
Survey findings include:
· 22% of UK companies surveyed experienced a disruptive attack in 2012, compared to 35% of respondents in a recent Neustar North American survey. Overall, UK respondents claimed that over a third (37%) of these attacks lasted more than 24 hours. Overall, UK attacks tended to be longer than in North America, with 22% lasting over a week versus 13% in North America.
· Key sectors reported higher rates of attack: Among those companies attacked, the highest percentages were found in telecommunications (53%), ecommerce (50%) and online retail (43%). By contrast, the North American survey found the financial sector to be the most targeted with 44%, versus 17% in the UK. Neustar notes that the recent attacks on US banks are the likely reason for this disparity, but these attacks have opened the doors for others to mimic the tactics, such as recent DDoS attacks against Dutch banking systems in April 2013.
· Downtime hits the bottom line: DDoS attacks inflict a grave toll on revenues regardless of industry, but the survey found that some suffer more than most. The industries with the highest losses from an outage were financial services and telecommunications companies. Respondents from the financial sector noted that 26% of all attacks have a revenue impact of more than £100,001.
· Attacks come in all sizes: DDoS attacks have grown to be massive in size– like nothing seen before. It’s these attacks that make the headlines, but smaller attacks are the norm with 70% saying attacks were under 1Gbps. However, well-crafted, multi-vector attacks as small as 2Gbps are enough to take down most sites.
As DDoS attacks continue to become both more frequent and complex, UK businesses need to adopt the right mix of people, processes and technologies to counteract these attacks and minimise downtime. The Neustar survey found that as many as 20% of responding UK companies have no DDoS protection in place, with a high reliance on switches, routers and firewalls which are simply not designed to withstand an attack.
Alex Berry, Neustar Senior Vice President, Enterprise Services, explained, “DDoS attacks will continue to be part of the modern threat landscape because they are easy and relatively low-cost to perpetrate. They continue to be a threat to both large and small firms in all industries. Some of the recent large attacks have opened doors for even more malicious attackers to adopt similar tactics and Neustar fully expects to see the impacts of these attacks grow in line with their increasing complexity. As in North America, our survey has found that UK companies are hoping traditional defences will suffice, but given the frequency of attacks and the impact when sites go dark, such hopes are often badly misplaced.”