OREANDA-NEWS. A one in five chance of being hit. Several hours of downtime. Up to $417,000 to recover. This is the portrait of a typical DDoS attack, analyzed in detail in the latest Corporate IT Security Risks Survey conducted by Kaspersky Lab and B2B International. According to the research, 20% of businesses with 50 or more employees have suffered at least one DDoS attack, with enterprises being the most affected (24%). Furthermore, over a quarter of attacks lead to the loss of sensitive data, an unexpected and damaging consequence of a DDoS attack.

The cost of recovery: a critical issue for SMBs

DDoS attacks may lead to significant financial damage for small and medium businesses. In fact, DDoS is the fourth most expensive type of security breach faced by SMBs. On average, a DDoS attack costs SMBs more than $50K in recovery bills, which is significantly more than the typical costs they face recovering from other types of attack. Enterprises spend a lot to recover from a third-party failure or cyber espionage attack, but a typical financial loss for enterprises from a DDoS attack is $417,000, below average compared to recovery from other types of attacks. Small businesses were most likely to lose data as a result of a DDoS attack – 31% of SMBs reported data loss compared with 22% of enterprises.

This indicates that SMBs struggle to implement efficient measures to mitigate the threat of DDoS attacks, often due to limited resources. DDoS is an umbrella term for different attack technologies, and methods to avert them may be hard to understand and expensive to deploy. While analyzing attitudes about DDoS attacks, we see that roughly half of businesses surveyed think that additional spending on DDoS prevention technologies is worth the investment.

Damage variety: downtime, lost contracts, data loss

Most DDoS attacks last several hours and can cause complete disruption to a service. However, some attacks are even more damaging: 9% of those that cause a service to go dark last from two days to a week, and in 7% of cases such an attack lasts for several weeks or more. Unfortunately, the damage is not limited to downtime. According to respondents, 32% of serious DDoS attacks coincided with a network intrusion. Although it is hard to trace two different attacks to a single source, survey results provide evidence that DDoS attacks may lead to additional damage, including loss or theft of sensitive data.

“Businesses have to re-evaluate their perception of a DDoS attack. The report clearly shows that the damage scope from such attacks goes far beyond the temporary downtime of a corporate website. Companies report total disruption to their operations, and in some cases – loss of sensitive data. Still, many businesses feel that a mitigation strategy is too complex and expensive to implement. The solution to this is straightforward: vendors have to take technical challenges upon themselves, offering an easy to implement and use solution to clients. This is the approach that we have chosen for the Kaspersky DDoS Protection solution,” commented Evgeny Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab.

About Kaspersky Lab

Kaspersky Lab is one of the world’s fastest-growing cybersecurity companies and the largest that is privately owned. The company is ranked among the world’s top four vendors of security solutions for endpoint users (IDC, 2014). Since 1997 Kaspersky Lab has been an innovator in cybersecurity and provides effective digital security solutions and threat intelligence for large enterprises, SMBs and consumers. Kaspersky Lab is an international company, operating in almost 200 countries and territories across the globe, providing protection for over 400 million users worldwide.