The financial cost of a single DDoS attack could be as much as £35,000 ($50,000), research has found, but cash losses are less important to bosses than other factors. The research, commissioned by cybersecurity firm Corero Network Security, questioned over 300 IT professionals, who judged the cost of the website disabling attacks in terms of lost custom, costs of mitigation and lost productivity. Two thirds of respondents also said that they typically have to fend off between 20 and 50 attempted DDoS attacks each month.
That might be a huge financial hit, but when the survey asked responders to rank the impacts of an attack, lost cash didn’t top the list. Instead almost 80% said that damage to the firm in terms of lost customer trust and confidence was what worried them most. Other major concerns cited, surround other cyber-threats associated with a DDoS attack; theft of intellectual property or infection with malware. Lost revenue only rated as the fourth most damaging consequence.
The ranking of priorities will be welcome news to the UK’s National Cyber Security Centre, which issued a report last week calling for businesses to consider the reputational cost of breaches. Ashley Stephenson, Corero’s CEO says that the concerns are well founded: “Not all DDoS attacks will cost an organisation $50,000,” he says, “but having your website taken offline can damage customer trust and confidence. It will also impact the ability of sales teams to acquire new customers in increasingly competitive markets. These attacks cause lasting damage to a company’s reputation and could have negative consequences for customer loyalty, churn and corporate profits.”
The research also highlights the growing complexity of DDoS attacks, and their capacity to act as a distraction for more serious network incursions. 85% of those surveyed believe that DDoS attacks are used by attackers as a precursor or smokescreen for data breach activity. An additional 71% reported that their organisation has experienced a ransom-driven DDoS attack.
Participants also viewed DDoS attacks as more of a concern in 2018 than in the past. The clear majority cited the proliferation of unsecured Internet of Things (IoT) devices as the top reason for this concern, closely followed by the association between DDoS and data breach activity.
Mr Stephenson, whose company specialises in DDoS solutions, agrees with the responses. “A DDoS attack can often be a sign that an organisation’s data is also being targeted by cyber criminals. “As demonstrated by the infamous Carphone Warehouse attack, DDoS attacks can be used as a smokescreen for non-DDoS hacking attempts on the network,” he explains. “Hackers will gladly take advantage of distracted IT teams and degraded network security defences to exploit other vulnerabilities for financial gain.”