Myth: It's only a DDoS attack. It's no big deal to be attacked.
Fact: This is where we see many organizations underestimate the impact of a DDoS attack. Lost revenue from a down service is only the beginning. The cost to mitigate the attacks, lost productivity, SLA credits, brand repair, etc. are just some of the indirect costs associated with a DDoS attack that are commonly overlooked.
If we look deeper into some of the business and operational implications of a DDoS attack, you need to consider:
1) How many IT personnel will be tied up addressing the attack, and what are they paid per hour? What else could these resources be contributing to the bottom line rather than mitigating slow performance or re-routing traffic?
2) How many more help desk calls will be received, and at what cost per call? These calls could be internal or external (customer-facing).
3) What will it take to recover operations? Will it require reconfiguration of components, or additional capacity or components, even if on an interim basis? Under certain circumstances, what data might get lost or have to be manually re-captured?
4) What about repairing a company's brand because the attack was blasted all over the media?
5) What are the resulting customer SLA credits, regulatory fees, etc. that will be required?
At the end of the day, when attempting to weigh the consequences of today's DDoS attacks, it pays to think carefully and more broadly about consequences and defenses.
Enterprises and service providers worldwide, across every industry, face a never-ending deluge of distributed denial-of-service (DDoS) attacks that continue to rise in size, frequency and complexity. Unfortunately, not all companies realize the danger that DDoS attacks pose, or have insight into their own risk profile. The bottom line is that you first need to understand the facts about both in order to determine the right amount of insurance and risk you're willing to live with. In an effort to shed more light on these issues, Tom Bienkowski of Arbor Networks has outlined the five most common DDoS myths that he's heard from customers and prospects in the field.