Most Organizations Experience Three Distributed Denial-of-Service Attacks a Year
According to a new report, 65 percent of organizations experience three distributed denial-of-service (DDoS) attacks each year, but most of those organizations are not prepared to mitigate the attacks.
Despite the increasing sophistication and severity of cyber-attacks, a survey of more than 700 senior IT professionals reveals that organizations are surprisingly unarmed to deal with today's threat landscape. In a new report titled "Cyber Security on the Offense: A Study of IT Security Experts," the Ponemon Institute and Radware, a leading provider of application delivery and application security solutions for virtual and cloud data centers, found that while 65 percent of organizations experienced an average of three distributed denial-of-service (DDoS) attacks in the past 12 months, less than half reported being vigilant in monitoring for attacks - much less putting into practice proactive and preventative measures to protect their organizations.
Availability is the top cyber security priority for organizations today. Gone are the days where companies could solely concern themselves with data leakage and integrity-based attacks. Unlike the past few years, where many organizations focused on confidentiality and integrity-based attacks, respondents noted a major shift in their security objectives, ranking denial-of-service (DoS) and DDoS as two of the top three threats their organizations face today.
Although respondents cited a lack of budget as one of the major impediments to shoring up cyber security, it's clear that organizations will pay a much higher price for their lack of preparedness. 65 percent reported experiencing an average of three DDoS attacks in the past 12 months, with an average downtime of 54 minutes per attack. With the cost for each minute of downtime amounting to as much as $100,000 per minute, it is no surprise that respondents ranked availability as their top cyber security priority.
63 percent rate their organization’s offensive countermeasure capabilities as below average. While 60 percent say they want technology that slows down or even halts an attacker's computer, the majority of respondents give their organizations an average or below average rating when it comes to their ability to launch counter measures. With 75 percent of organizations still relying on anti-virus and anti-malware to protect themselves from attacks, it's clear that the old adage, "the best defense is a good offense" is not being practiced by most firms.
Organizations are more vulnerable than ever before. With respondents ranking lack of system visibility, mobile/remote employees and negligent insiders as their top three areas of greatest cyber security risk, it's clear that threats can come from a number of new sources including the Bring Your Own Device (BYOD) movement. Even more frightening, today's threats are multi-layered, targeting not only networks but the data and application levels as well.