Companies must consider DDoS protection as an integral part of their overall IT security policy, says Eugene Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab
A DDoS attack on a company's online resources might cause considerable losses - with average figures ranging from 32 lakh to 2.74 crores depending on the size of the company, according to Kaspersky Lab and B2B International. For many organisations, these expenses have a serious impact on the balance sheet as well as harming the company's reputation due to loss of access to online resources for partners and customers.
The total cost reflects several problems. According to the study, 61 per cent of DDoS victims temporarily lost access to critical business information; 38 per cent of companies were unable to carry out their core business, and 33 per cent of respondents reported the loss of business opportunities and contracts. In addition, 29 per cent of successful DDoS incidents had a negative impact on the company's credit rating.
The experts included the costs of remediating the consequences of an incident when calculating the average sum. For example, 65 per cent of companies consulted with IT security specialists, 49 per cent of firms paid to modify their IT infrastructure, 46 per cent of victims had to turn to their lawyers and 41 per cent turned to risk managers. These are only the most common expenses.
Information about DDoS attacks and subsequent disruption to the business often becomes public, adding to the risks. 72 per cent of victims disclosed information about a DDoS attack on their resources. Specifically, 43 per cent of respondents told their customers about an incident, 36 per cent reported to representatives of a regulatory authority, and 26 per cent spoke to the media.
"A successful DDoS attack can damage business-critical services, leading to serious consequences for the company. For example, the recent attacks on the Finnish OP Pohjola Group caused a few days of disruption to online services and also interrupted the processing of bank card transactions, a frequent problem in cases like this. That's why companies must consider DDoS protection as an integral part of their overall IT security policy. It's just as important as protecting against malware, targeted attacks, data leaks and the like," said Eugene Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab