What is your plan in case your company is hit by a distributed denial of service (DDoS) attack? Do you have a plan?
If you are like many of the companies surveyed in Corero Network Security’s most recent poll, the answer would be no, you probably don’t have a plan in place, despite knowing what the risks are. The survey of 100 companies discovered that 44 percent have no formal response plan. Worse yet, more than half don’t have the tools in place to defend against a DDoS attack.
Part of the problem, Corero discovered, is that companies tend to under-invest in security for their network infrastructure. And even when they do have security tools in place, no one is ensuring that they work when needed. It’s like having a jack and a spare tire in the trunk of your car but never checking to make sure the jack works or whether there is air in the tire. You might think you are prepared in case of a flat, but when the time actually comes, you are in no better shape than you would be if the jack and tire were at home in the garage.
Computerworld pointed out this interesting tidbit about the survey:
“The pitch that many organisations are under-investing in security equipment is not a new one from vendors in this space; they have a lot to gain should firms spend money on new equipment and services. However, what does seem clear is that many organisations are unwilling or unable to invest in the expertise required to cope with DDoS attacks, a threat type that has recently evolved more rapidly than the technologies ranged against it.”
It is an interesting point to ponder – why wouldn’t a business invest in the tools needed to make sure the enterprise network isn’t the victim of an attack? The results of an attack would cost much more. A Ponemon Institute study from last November found that each minute of downtime in a DDoS attack costs on average $22,000, and the average attack lasts nearly an hour. Can your company afford that?
And we can only expect DDoS attacks to get worse. As Ashley Stephenson, CEO of Corero Network Security, pointed out in a release:
“With an increase in malicious attacks on organizations from cyber criminals, ideological hacktivists, nation states and even competitors, there is no foreseeable end in sight to the use of DDoS as a common method of intentional disruption.”
So, I ask again, does your company have a plan and the tools in place to respond to a DDoS attack? And if the answer is no, what are you waiting for?