A new study by A10 Networks and IDG Connect has revealed that many businesses are fighting at least 15 DDoS attacks per year, with average attacks causing 17 hours of effective downtime, including slowdowns, denied customer access or crashes.
The DDoS: A Clear and Ever Present Danger report found that as DDoS attacks become more popular, they are also growing harder to defend. While the average peak bandwidth of attacks was a staggering 30-40 gigabits per second (Gbps), 59 percent of organizations have experienced an attack over 40 Gbps. A majority of respondents (77%) also expect sophisticated multi-vector attacks to pose the most dangerous type of DDoS attack in the future.
Businesses are fighting back. More than half of the surveyed organizations said they planned to increase their DDoS prevention budgets in the next six months. IT security teams are the most likely to lead DDoS prevention efforts (36 percent), followed closely by the chief security officers (26 percent) and the CIO (26 percent).
“DDoS attacks are called ‘sudden death’ for good reason,” said Raj Jalan, CTO of A10 Networks. “If left unaddressed, the costs will include lost business, time-to-service restoration and a decline in customer satisfaction. The good news is our findings show that security teams are making DDoS prevention a top priority. With a better threat prevention system, they can turn an urgent business threat into an FYI-level notification.”
Key report findings include:
The typical company was hit by an average of 15 DDoS attacks per year, with larger organizations experiencing more.
● One in five companies reported effective downtimes of over 36 hours, with the average attack resulting 17 hours.
● 33 percent of respondents reported DDoS attacks over 40 Gbps, with the most common attacks including UDP Flood (23%), Slow Post/Slowloris (16%) and SYN Flood (14%).
● 77 percent believe multi-vector attacks, which include volumetric and application layer attacks, will be the most dangerous in the future.
● Over half of the respondents plan to increase their DDoS budgets in the next six months (54%).
● 53% of respondents say that on-premise protection is required to be the most effective solution to address a multi-vector DDoS threat, either “hybrid” protection (34%), or an on premise appliance only solution (19%).
The report surveyed 120 IT decision makers at large organizations. To learn more about DDoS attacks and their effect on businesses, read the full report.