The good news is that the majority of distributed denial of service (DDoS) attacks aimed at corporations tend to be brief, lasting less than 24 hours on average. The bad new is, on average, these attacks cost business about US$40,000 per hour, according to a report released by cloud content delivery company that provides DDoS protection.
As many as 45 per cent of companies have been hit by a DDoS with the average DDoS attack costing businesses as much as half a million dollars, according to the report by Incapsula Inc., of Redwood Shores, Calif.
Incapsula surveyed some 270 companies in North America that employed anywhere from 250 to 10,000 employees. The average cost associated with a DDoS attack was approximately $500,000.
Incapsula found that 86 per cent of the DDoS attacks last less than a day and while about 68 per cent of the attacks last less than 13 hour they still “have the potential to cause significant damage.”
Incapsula said damage wrought by the attacks is not confined to financial costs and majority of the respondents reported suffering at least one non-financial consequence.
“We believe that with the costs for attacks decreasing and cost for businesses increasing, DDoS targets have broadened from financial institutions and government sites to any company that depends on online channels, like online retailers and SaaS vendors,” Marc Gaffan, CEO of Incapsula, said in a statement.
Non-financial impacts reported by respondents include:
- 52 per cent reported needing to reconfigure hardware or software
- 50 per cent had a virus or malware installed or activated
- 43 per cent experienced loss of customer trust
- 33 percent experienced customer data theft
- 19 per cent experienced loss of intellectual property
Almost half (45 per cent) of respondents indicated their organization was hit by a DDoS attack at some point. Of these number, nearly all (91 per cent) reported an attack during the last 12 months and 70 per cent reported being targeted two or more times.
Forty per cent or respondents said they believe perpetrators are attempting to flood their organization’s network, while 21 per cent said attackers are trying to “cause an outrage by targeting specific applications” and 33 per cent believe both were motivating factors.
When asked if they had received a ransom note from attackers, 46 per cent of respondents said they had while 45 per cent said they did not. This reveals an even mix of attackers motivated by financial gain and those who attack for different reasons, according to the report.
The survey results also show that even small companies are not safe from DDoS attackers.
“With ransom requests as low as a few hundred dollars yielding positive returns for attackers, even small technology startups are being targeted now,” Gaffan noted.