Imperva Incapsula Survey: What DDoS Attacks Really Cost Businesses

Similar documents
A custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74

HOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK

DDOS DETECTION AND RESPONSE TRENDS IN THE ENTERPRISE: AN IANS CUSTOM REPORT

A Top US Bank Trusts Neustar SiteProtect for Reliable DDoS Protection Depth

Global DDoS Threat Landscape

THE CYBERSECURITY LITERACY CONFIDENCE GAP

DDoS MITIGATION BEST PRACTICES

Enterprise D/DoS Mitigation Solution offering

DDoS: STRATEGIES FOR DEALING WITH A GROWING THREAT

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

2016 COOLING THE EDGE SURVEY. Conducted by Vertiv Publication Date: August 30, 2016

IBM Cloud Internet Services: Optimizing security to protect your web applications

Cyber War Chronicles Stories from the Virtual Trenches

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

Building a Threat Intelligence Program

THE STATE OF MEDIA SECURITY HOW MEDIA COMPANIES ARE SECURING THEIR ONLINE PROPERTIES

The 2017 State of Endpoint Security Risk

An Introduction to DDoS attacks trends and protection Alessandro Bulletti Consulting Engineer, Arbor Networks

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015

HOSTED SECURITY SERVICES

Second International Barometer of Security in SMBs

Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL

National Bank Minimizes Security Risk and Supports New Business with McAfee Security Solutions

How to Choose a CDN. Improve Website Performance and User Experience. Imperva, Inc All Rights Reserved

Think You re Safe from DDoS Attacks? As an AWS customer, you probably need more protection. Discover the vulnerabilities and how Neustar can help.

The Cost of Denial-of-Services Attacks

3 Ways Businesses Use Network Virtualization. A Faster Path to Improved Security, Automated IT, and App Continuity

AKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE.

What is Penetration Testing?

Toward an Automated Future

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

DIGITAL TRANSFORMATION IN FINANCIAL SERVICES

Prolexic Attack Report Q4 2011

Creating and Testing Your IT Recovery Plan

BACKUP TO THE FUTURE A SPICEWORKS SURVEY

HEALTH CARE AND CYBER SECURITY:

CompTIA Security Research Study Trends and Observations on Organizational Security. Carol Balkcom, Product Manager, Security+

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet

Annual Public Safety PSAP Survey results

ACHIEVING FIFTH GENERATION CYBER SECURITY

Panda Security 2010 Page 1

The State of Cloud Monitoring

CHANGING FACE OF MOBILITY RAISES THE STAKES FOR ENDPOINT DATA PROTECTION

2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE THIRD ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE

Mid-Market Data Center Purchasing Drivers, Priorities and Barriers

WHY BUILDING SECURITY SYSTEMS NEED CONTINUOUS AVAILABILITY

The 2017 State of IT Incident Management. Annual Report on Incidents, Tools & Processes

F5 Warsaw SOC. Kamil Woniak. Security Operations Manager, F5 Networks

2015 VORMETRIC INSIDER THREAT REPORT

THE STATE OF CLOUD & DATA PROTECTION 2018

COPYRIGHT 2018 NETSCOUT SYSTEMS, INC. 1

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Why IPS Devices and Firewalls Fail to Stop DDoS Threats

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

Why the Threat of Downtime Should Be Keeping You Up at Night

Neustar Security Solutions Overview

Combating Cyber Risk in the Supply Chain

Arbor White Paper Keeping the Lights On

The 10 Disaster Planning Essentials For A Small Business Network

THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY

Arbor White Paper. DDoS: THE STAKES HAVE CHANGED. HAVE YOU? REVEALED: 3 dangerous myths about DDoS attacks

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Cyber Security. June 2015

THALES DATA THREAT REPORT

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

Preparing your network for the next wave of innovation

Understanding Managed Services

Clarity on Cyber Security. Media conference 29 May 2018

CICS insights from IT professionals revealed

THE IMPLICATIONS OF PERFORMANCE, SECURITY, AND RESOURCE CONSTRAINTS IN DIGITAL TRANSFORMATION

Trend Micro Deep Discovery for Education. Identify and mitigate APTs and other security issues before they corrupt databases or steal sensitive data

KNOWLEDGE GAPS: AI AND MACHINE LEARNING IN CYBERSECURITY. Perspectives from U.S. and Japanese IT Professionals

Tripwire State of Container Security Report

INSIDE. Integrated Security: Creating the Secure Enterprise. Symantec Enterprise Security

IT SECURITY FOR NONPROFITS

Machine-Powered Learning for People-Centered Security

The State of Data Center Health Management Strategy 2017

Operationalize Security To Secure Your Data Perimeter

Cybersecurity and Hospitals: A Board Perspective

KEY FINDINGS INTERACTIVE GUIDE. Uncovering Hidden Threats within Encrypted Traffic

An SMB s Guide to Business Continuity and Disaster Recovery

As Enterprise Mobility Usage Escalates, So Does Security Risk

Cybersecurity Survey Results

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

Escaping PCI purgatory.

ESG Research. Executive Summary. By Jon Oltsik, Senior Principal Analyst, and Colm Keegan, Senior Analyst

WHITE PAPER Hybrid Approach to DDoS Mitigation

AKAMAI CLOUD SECURITY SOLUTIONS

whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk

Vulnerability Management Trends In APAC

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape

Disaster Recovery Is A Business Strategy

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

Securing Industrial Control Systems

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

2010 Online Banking Security Survey:

Transcription:

Survey Imperva Incapsula Survey: What DDoS Attacks Really Cost Businesses BY: TIM MATTHEWS 2016, Imperva, Inc. All rights reserved. Imperva and the Imperva logo are trademarks of Imperva, Inc.

Contents Report Introduction... 3 Survey Methodology... 4 How Widespread are DDoS Attacks?... 5 Profile of an Attack... 6 Business Impact... 8 Mitigation and Preparedness...10 Learning More/Getting Prepared...11 2 ebook

01 Report Introduction The impact of distributed denial of service (DDoS) attacks gets bigger and harder to ignore every year; 2014 is certainly no exception. But while such assaults are on the rise, many companies have been content to protect themselves with antiquated firewall-based solutions. Instead they should be investing in solutions providing true protection against unscheduled downtime and financial losses. To determine real-world costs posed by DDoS attacks in 2014, Incapsula commissioned a survey to gauge real organizations experiences with them. By compiling these statistics, we hoped to provide some perspective. Additionally, we wanted to underscore the importance of investing in a truly impenetrable mitigation solution. Current DDoS trends make it clear that yesterday s strategy is no longer defensible. Large-scale volumetric attacks are growing in size, requiring increased network capacity in order to keep up. In addition, new and more sophisticated DDoS varieties are emerging, requiring organizations to be both highly flexible and ready for anything that might come their way. Organizations continuing to rely on existing protection solutions or worse, no solution at all should reassess their position in light of this pervasive threat. 3 ebook

02 Survey Methodology Incapsula s survey data includes responses from 270 North American organizations. 1 These vary greatly in size from as few as 250 employees to 10,000 or more having a fairly even distribution between the two extremes. Reporting organizations are also functionally diverse. When asked to describe the industry in which they primarily operate, responses such as software/technology, manufacturing, and banking/finance were cited. Respondents hold a variety of positions, from system administration to web, network, security, and developer operations. About 80% of the participants reported their company is headquartered in the U.S. Role of Those Surveyed 10% System administration 33% 23% 12% 21% Network operations Developer operations Website operations Security operations The survey provides valuable insights regarding the actual costs of DDoS attacks; these may prove informative to any organization having previously ignored DDoS protection or which continues to rely on antiquated methodologies. 1 / The Incapsula DDoS Attacks survey took place between August 4 and August 9, with a total of 270 information technology (IT) professionals participating. The survey was fielded online, and conducted by the Cicero Group, an independent third party marketing research firm. All participants were selected at random, from a variety of industries, across the U.S. and Canada. The survey has a confidence interval of approximately +/- 5.96% at a 95% confidence level. The results are also useful in describing risks using common business terminology. 4 ebook

03 How Widespread are DDoS Attacks? DDoS assaults are common Almost half (45%) of the respondents indicated their organization had been hit at some point. Of these, almost all (91%) reported an attack during the last 12 months, and over two-thirds (70%) were targeted two or more times. Surveyed Companies Hit by a DDoS Attack 55% 45% Yes No either somewhat familiar or very familiar. Further, their familiarity isn t merely based on theoretical knowledge many indicated they have direct experience dealing with DDoS incursions. While organizations of all sizes experience DDoS assaults, they are often worse for larger entities. Those having 500 or more employees are most likely to experience a DDoS assault, incur higher attack costs, and require more employees to combat the threat. Size of Companies Hit by DDoS Attack The data reflect that most organizations have at least some familiarity with DDoS threats. When asked to rate their understanding of them, including what they are and how they work, 98% of the participants declared they were 250-499 employees 500-999 employees 1,000-4,999 employees 5,000-9,999 employees 10,000 or more employees 19% 26% 27% 12% 17% 5 ebook

04 Profile of an Attack DDoS assaults come in many shapes and sizes, so organizations must be prepared for anything in order to protect themselves shorter durations, average attack lengths of days or even more than a week are also reported. Participants offered a wide range of answers regarding DDoS duration, whether perpetrators used a ransom note to extort money, and what the primary tactic of each incursion appeared to be. When asked how long an average assault lasts, they report a higher number of shorter attacks, with 86% reporting an average of 24 hours or less. 37% 0-6 hours ~2/3 of attacks last 6+ hours 49% 6-24 hours 8% 1-7 days 4% 7+ days 2% unsure However, upon closer examination, the data reveals there are no predictable patterns as to how long an assault will last. Thirty-seven percent of organizations reported an average of six hours or less, 31% cited 6 to 12 hours, and 18% claimed 13 to 24 hours. While the trend seems to point toward In part, NTP amplification attacks can be massive because the underlying UDP protocol does not require two-way handshaking. There seems to be no unified motive behind attacks, either. 6 ebook

Respondents were evenly divided in answering whether they had ever received a ransom note from a DDoS perpetrator: 46% indicated they had, while 45% had not. This reveals an even mix of those motivated by financial gain and others who attack for different reasons. Here 40% of participants believe perpetrators were attempting to flood their organization s network, 25% surmised they were trying to cause an outage by targeting specific applications, and 33% believe both were the motivating factors. The tally shows that there is also a fairly even distribution of attack types used by offenders. Intent of the DDoS Attack 2% 33% 25% 40% Flooding your company's network infrastructure to block all connections to its domain Targeting specific applications to block your company's use Both Unsure 7 ebook

05 Business Impact 49% of DDoS attacks last between 6-24 hours. This means that with an estimated cost of $40,000 per hour, the average DDoS cost can be assessed at about $500,000 with some running significantly higher. Costs are not limited to the IT group; they also have a large impact on units such as security and risk management, customer service, and sales. The Per Hour Cost of a DDoS Attack experienced at least one non-financial consequence, such as loss of customer trust, loss of intellectual property, and virus/malware infection, while 60% incurred two or more. 52% had to replace hardware or software, 50% had a virus or malware installed/activated on their network, and 43% experienced loss of consumer trust. Furthermore, 33% acknowledged customer data theft, and 19% suffered intellectual property loss. 17% 15% 17% 15% 36% $0 - $4,999 $5,000 - $19,999 $20,000 - $59,999 $60,000 - $99,999 $100,000 + There is much more than meets the eye in relation to DDoS dangers and costs. This is illustrated by participants answers when asked to describe which operational area takes the largest financial hit during an assault. As you might expect, at 35% IT was the most-cited answer. Additionally, most respondents who had been targeted experienced a variety of non-financial costs. 87% However, responses were fairly distributed among all options, with 23% naming sales, 22% identifying security 8 ebook

and risk management, and 12% citing customer service. Marketing and legal were also listed, revealing that very few departments are completely safe from DDoS carnage. Recovering from attack damage can also take months or years. Over half of the respondents (52%) reported their organization had to replace software/hardware, or that it had lost revenue. An additional 43% confirmed that their organization lost consumer trust. Each example reveals DDoS aftermath to be long-term. Operational Areas Most Financially Impacted by the Attack IT group 2% 2% 35% Customer sales Security/Risk management 5% 12% 23% Call center/customer service Marketing/Public relations 22% Legal Other 9 ebook

06 Mitigation and Preparedness Many of those surveyed work for organizations lacking an effective plan to prepare for, and mitigate, targeted DDoS penetrations. When participants were asked to describe how many people are typically involved in mitigating an incursion, the numbers tend to be higher. 27% reported their organization used 15 or more people, while no one works for an entity where its response could be managed by a single person. Number of Employees Involved in Mitigating or Combating an Attack These numbers emphatically demonstrate there is room for improvement when it comes to efficiently thwarting DDoS attacks. Ideally, an organization should be able to quickly respond with as few employees as possible. Statistics regarding measures taken to protect themselves are equally discouraging. Over half of all respondents acknowledge that their firm continues to rely on web application firewalls or traditional network firewalls partial solutions that are vulnerable on their own. 2 to 3 4 to 6 7 to 10 11 to 15 More than 15 Unsure 8% 21% 24% 16% 27% 3% A respectable 43% reported that their organization uses a purpose-built DDoS protection solution. This is a good sign. Ideally, however, all organizations should avail themselves of the latest mitigation technologies. These provide a level of defense that traditional firewalls can never match. 10 ebook

07 Learning More/Getting Prepared Our 2014 DDoS Impact Report data demonstrate an alarming trend intrusions are becoming more prevalent, more sophisticated, and more costly. At the same time, many organizations aren t taking appropriate measures to protect themselves. The survey reveals that many organizations continue to haphazardly respond to attacks, relying on the same firewall solutions they ve been using for years. In today s world, where DDoS attacks are increasingly common and can easily cost an organization hundreds of thousands of dollars, this is no longer tenable. If you want to be more proactive about combating DDoS attacks, then the data from this survey will help you to convince your CEO/CTO/CFO that steps need to be taken. After all, the numbers don t lie. To learn what your company should do next, download our free DDoS Response Playbook. 11 ebook

Try a 14-day Free Trial No software to download or equipment to hook up Getting started is easy and requires only a DNS change Includes load-balancing and web application acceleration Get Started Today Questions? Contact us

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback