Corero Network Security: DDoS Attacks Hurt More Than Just Systems
We all have seen, whether first- or second-hand, the damage that a distributed denial of service (DDoS) attack can do to a system. A recent study from Corero Network Security noted that there are some kinds of damage we don't think about right away when it comes to the aftermath of a DDoS attack, but these are the kinds of damage that are even worse than temporary loss of access.
Nearly half the respondents in Corero's second-annual DDoS Impact Survey noted that a DDoS attack means the loss of confidence in the site from customers, and with it, a loss of trust. Just over a third of respondents at 34 percent, meanwhile, noted that there's worse afoot than loss of confidence and trust, though it directly relates: loss of revenue.
Moreover, there are different sizes of DDoS attacks to consider. Nearly a third—32 percent—of respondents noted that DDoS attacks on networks are taking place weekly, or even daily. The DDoS attack itself is actually both inexpensive and easy to bring out. For example, an open source utility known as the Low Orbit Ion Cannon (LOIC) has had a hand in many such attacks. It enables users to form voluntary botnets against networks. Sometimes, as noted by Corero chief operations officer (COO) Dave Larson, a DDoS attack can even be a diversion for something much worse.
Responses by survey participants to such attacks vary:
- 30 percent turn to traditional tools like load balancers and firewalls, with varying degrees of effectiveness.
- 30 percent said they turn to upstream service providers
- 85 percent believe that Internet service providers (ISPs) should offer tools to directly deal with DDoS attacks.
- 51 percent would be willing to pay more for premium services to stop DDoS attacks immediately.
- Thirty-five percent said they were willing to pay up to 10 percent of current ISP spending for such a service.
The issues of lost confidence and lost revenue go hand in hand. A loss of consumer trust and confidence generally means that said customers will turn elsewhere to have needs met, or at least cut back to mitigate potential losses.
In short, there is no good and increasing bad that can come from a DDoS attack. The survey numbers bear that much out regarding the present. It also presents a sobering view of the future.
In addition, there is an interesting takeaway here. Results indicated an opportunity for ISPs by offering DDoS prevention services. There is a clear demand, and a willingness to pay. The market is willing, but the solutions supply needs to catch up.
Edited by Peter Bernstein