Undervaluing DDoS counter-measures expose companies to risk

Research conducted by Kaspersky Lab and B2B International has found that only half of the companies researched regard counter-measures against DDoS attacks as an important component of IT security.

Results found that 50% of companies may prove to be unprepared for a sudden attack, which could damage not only their finances, but also their reputation due to downtime of Internet services.

The research also higlighted the different approaches taken to protect against DDoS attacks. 60% of financial institutions, energy companies and utility services are conscious of the need for protection against DDoS attacks.

This figure seems quite low considering that IT continuity is critical for these companies, as they affect the well-being of many people.

There was also a noticeable variance in opinion among differently sized organisations. Only 38% of small businesses considered protection against DDoS attacks to be an important component of IT security, but for big companies this figure reaches up to 60%

Interestingly, the survey found no clear correlation between the level of threat faced in reality and the recognition of the need for DDoS protection. For instance, the sectors with public facing online services most affected by these incidents included IT companies (49%), e-commerce (44%), telecom (44%) and the media (42%).

At the same time, counter-measures against DDoS were named as important by 53% of telecoms companies, 50% of IT businesses, 41% of e-commerce and only 38% of media companies.

"Even if a company does not have a public facing website, its finances and reputation can be seriously affected by DDoS attacks. Commented Eugene Vigovsky, Head of Kaspersky DDoS Protection at Kaspersky Lab.

"It is known that DDoS can be organised not only to incapacitate online services or for ransom but also to mask other cybercriminal activities such as targeted attacks on the company to gain access to its confidential data."

"Therefore, protection against DDoS attacks is not reinsurance but a logical precaution important for any company that has business processes dependent on Internet services. To provide this protection, companies should use specialised solutions from vendors who have a wealth of experience and expertise in combating cyber threats", concluded Vigovsky.