Kaspersky Lab: 1 in 5 Firms Have No DDoS Protection
Nearly one in five global businesses are not protected from DDoS attacks, with many unsure about the best plan of action, according to new research from Kaspersky Lab.
The Russian AV vendor polled over 4,000 IT professionals from SME and large organizations in 25 countries around the world, and discovered a sizeable 16% currently have nothing in place to prevent potentially crippling attacks.
Worryingly, 30% claimed not to have put protection measures in place because they feel they aren’t likely to suffer such an attack, while 12% think a small amount of downtime is acceptable.
There’s also an assumption by many that either their internet service provider (40%) or data center/infrastructure provider (30%) will protect them.
Kaspersky Lab claimed that even if such an assumption is correct, many won’t be able to detect or deflect smarter attacks which typically seek to circumvent traditional filters – for example by using encryption.
That said, recent publicity of large scale DDoS attacks – most notably the Mirai-powered IoT botnet which disrupted many of the biggest names on the web – have had an impact on awareness levels, the research found.
A third of those with a DDoS mitigation strategy in place did so as a result of a risk assessment, while one in five (18%) claimed they’d been attacked before. An even bigger driver for DDoS protection among respondents is regulatory compliance (43%), Kaspersky Lab claimed.
The vendor’s head of DDoS protection, Kirill Ilganaev, argued that recent high profile attacks have highlighted just how disruptive DDoS can be.
“When hackers launch a DDoS attack, the damage can be devastating for the business that’s being targeted because it disables a company’s online presence. As a result, business workflow comes to a halt, mission-critical processes cannot be completed and reputations can be ruined,” he added.
“Online services and IT infrastructure are just too important to leave unguarded. That's why specialised DDoS protection solution should be considered an essential part of any effective protection strategy in business today.”
Source: Information Security Magazine