DDoS Denial
Myth: It's only a DDoS attack. It's no big deal to be attacked.
Fact: This is where we see many organizations underestimate the impact of a DDoS attack. Lost revenue from a down service is only the beginning. The cost to mitigate the attacks, lost productivity, SLA credits, brand repair, etc. are just some of the indirect costs associated with a DDoS attack that are commonly overlooked.
If we look deeper into some of the business and operational implications of a DDoS attack, you need to consider: 1) How many IT personnel will be tied up addressing the attack, and what are they paid per hour? What else could these resources be contributing to the bottom line rather than mitigating slow performance or re-routing traffic? 2) How many more help desk calls will be received, and at what cost per call? This could be either internal or external, customer facing. 3) What will it take to recover operations? Will it require reconfiguration of components, additional capacity or components, even if on an interim basis? Under certain circumstances, what data might get lost or have to be manually re-captured? 4) What about repairing a company's brand due to the fact that the attack was blasted all over the media. 5) What are the resulting customer SLA credits, regulatory fees, etc. that will be required? At the end of the day, when attempting to weigh the consequences of today's DDoS attacks, it pays to think carefully and more broadly about consequences, and defenses.