Nearly three-quarters (73 percent) of organisations worldwide have suffered a DDoS attack and 76 percent are investing more in response to the threat of such attacks.
For its new global report, Neustar studied 1,002 directors, managers, CISOs, CSOs, CTOs and other C-suite executives to discover how DDoS attacks are affecting them and what they're doing to mitigate the threat.
Respondents represent diverse industries such as technology (18 percent), finance (14 percent), retail (12 percent) and government (seven percent) in North America, EMEA, and Asia Pacific.
In EMEA, 75 percent of organisations were attacked. Nearly half (48 percent) were attacked six or more time and 32 percent encountered malware after a DDoS attack.
Almost a quarter (21 percent) of attacked organisations reported customer data theft and 70 percent of those specific respondents said they learned of the attack from outside sources, such as social media.
Globally, 30 percent of organisations took less than an hour to detect a DDoS attacks. In EMEA, 37 percent of organisations took three or more hours to detect attacks.
Despite only two percent of reported attacks exceeding 100+ GBPS, recent DDoS attacks have reached over 620 Gbps and up to almost 1 Tbps in attack size.
Organisations are seeking to stay one step ahead of the game and protect against DDoS attacks. To prevent and protect against future attacks, organisations are using:
Traditional firewall ISP based prevention (53 percent)
Cloud service provider (47 percent)
On-premise DDoS appliance and a DDoS mitigation service (36 percent)
DDoS mitigation service (29 percent)
DDoS mitigation appliance (27 percent)
CDN (14 percent)
WAF (13 percent)
No DDoS protection is used in four percent of organisations.
Nearly two-thirds (61 percent) have adopted and actively use IoT devices. In all, 82 percent of IoT adopters experienced an attack compared to just 58 percent of those who have not yet done so. Moreover, 43 percent of IoT adopters that were attacked are investing more than they did a year ago.
In emailed commentary to SCMagazineUK.com, Paul McEvatt, senior cyber-threat intelligence manager, UK & Ireland at Fujitsu said, “This latest report revealing the different levels of DDoS attacks has really highlighted the issues with the security of Internet of Things devices, with 82 percent of IoT adopters having experienced an attack compared with just 58 percent of those who have not yet done so. When internet-connected devices are hacked, it again brings to the surface the security risks we face as technology touches every aspect of daily life.
McEvatt added, “The issue is that businesses are failing to understand what is needed for a robust application of security from the outset, whether that's for routers, smart devices or connected cars. Various attackers use online services to look for vulnerable IoT devices, making organisations an easy target for low-level cyber-criminals. The worrying reality is that security is often an afterthought and security fundamentals are still not being followed such as changing default passwords. Many of the cameras used in the recent DDoS attacks were shipped and left connected to the internet with weak credentials such as root/pass, root/admin or root/1111111, so it is little wonder these devices continue to be compromised.”