Nearly three-quarters of global firms have suffered a DDoS attack over the past 12 months with half losing $100,000 or more each hour during peak periods, according to the latest study from Neustar.
The global DDoS mitigation provider polled just over 1,000 C-suite execs to compile its October 2016 Worldwide DDoS Attacks & Protection Report.
Of those who had experienced an attack, 85% said they were subject to multiple blasts, with the largest number (29%) suffering attacks between 2-5 times.
Although 49% claimed they lost $100,000 per hour during peak periods as a result of an attack, the figure went as high as $250,000 or more for a third of respondents.
Time is money, but unfortunately 71% of respondents said they took an hour or more to detect attacks and 72% an additional hour to respond.
More worrying still for organizations is the fact that DDoS attacks appear to be increasingly used in conjunction with efforts to steal information, infect systems with ransomware or other cyberattacks – possibly as a smokescreen to distract IT teams.
Over half (53%) of respondents said they experienced additional compromise, with virus (46%), malware (37%) and ransomware (15%) all causing a major impact.
“Organizations should be concerned that DDoS attacks are growing increasingly sophisticated and relentless, frequently serving as the first stage of a multi-stage attack against an organization’s infrastructure,” said Rodney Joffe, senior vice president at Neustar.
The findings come at a time when IoT-based botnets are causing a huge amount of damage to organisations.
French hoster OVH was hit last week with an attack measuring over 1Tbps and the source code for the malware that enabled it, Mirai, has been released to the public.
“The issue is that businesses are failing to understand what is needed for a robust application of security from the outset, whether that’s for routers, smart devices or connected cars,” argued Fujitsu senior cyber threat intelligence manager, Paul McEvatt.
“The worrying reality is that security is often an afterthought and security fundamentals are still not being followed such as changing default passwords. Many of the cameras used in the recent DDoS attacks were shipped and left connected to the internet with weak credentials … so it is little wonder these devices continue to be compromised.”