What is the Cost of a DDoS Attack?
The cost will depend on several variables, such as the type of business you are in, the volume of your business that is online, the type of brand you are developing, the type of customers, as well as your competitors. There are even calculators that can help you come up with such number in advance, relying on your annual revenue, annual revenue through online sales and the frequency of attacks in a given industry. “Enterprises, hosting providers and cloud service providers are experiencing DDoS attacks on their data centers more frequently and with more severe business consequences than ever before,” according to recent Arbor Networks white paper. “Because the goal of an attacker is to create maximum disruption, attacks are more likely to occur at the worst possible times for your business.”
In their survey results, hourly cost of downtime per 1000 square feet (as in data center size) ranges from $8,500 to $201,000, with a mean of $46,000.
Image 1 – In all security threats, DDoS attacks bring most damage (Image source: Arbor Networks)
How is the DDoS attack done, in the first place? The attacker chooses one computer system and makes it the DDoS master. From the master system, he begins communicating with other computer systems that can, in result, be compromised and used, i.e. they now become controlled machines referred to as zombies or bots (sometimes there can be as many as hundreds of thousands of them). With a single instruction from the master system, the attacker can have all the controlled machines launch packets at the targeted host. This stream finally overwhelms the targeted machine, and the result is the denial-of-service, or a complete stop of all the site’s functions on the internet, so that no one can access it.
In 2012, the revenue risk for a DDoS attack was estimated, for most cases, at less than £1,000 per hour. However, the impact could reach more than £100,000, with financial sector organizations, or telecoms firms, for example. To put it in a perspective, 37% of DDoS attacks reported in 2012, lasted for more than 24 hours, 24% lasted for more than three days, and 22% lasted for more than a week (see: Computer Weekly).
Another serious damage, besides the financial loss, happens along with the denial of service attack. Brand value is seriously eroded, operational costs can skyrocket, and you might have to invest in new people and technologies to manage the risk better in the future.
A high percentage of companies still do not have proper protection against DDoS attacks, i.e. they use only routers and switches and web application firewalls, and as many feel they won’t be targeted. Breaking news. DDoS attack tools are now more available than ever, free or at a low cost, to any individual who can now find an easy way through the network to disrupt a webpage. Most targeted are e-commerce services, and financial services, but also large businesses such as Amazon, or Yahoo! Not even PirateBay was spared of a DDoS attack in the recent past. in 2011, WordPress, the site thatserves 18 million publishers, and is responsible for 10% of all websites in the world, was down for several hours.
Changing Nature: Getting Bigger, but Shorter!
As we have discussed in our previous post on DDoS attacks, they are escalating in size, frequency and complexity. However, it seems, they are getting shorter, 86% now last less than one hour. At the same time, average bit per second size almost doubled, 46.5% of attacks are now over 1Gbps, which is a jump of 13.5% from 2012. Proportion of attacks in the 2-10 Gbps range more than doubled, even proportion of attacks over 10 Gbps increased by 41.6%. In the first half of 2013 we have seen more than double the total number of attacks over 20Gbps we saw in the whole of 2012, according to live ATLAS feed.
This is the active threat that continues with great speed and requires resourceful defense.
DDoS attacks cannot be fully avoided, nor can you fight them with a single method. The intensity of the packets launched at the site, however, can be lessened, and these methods are known as DDoS mitigation. The attack prevention also depends on the entire internet community and their keeping of machines up to date and using proper security tools.
There are general techniques, i.e. common preventive measures such as system protection, cleaning, installing security patches, firewall, IP hopping. Also, and more importantly, filtering techniques: filtering of incoming IP addresses, adapting restrictive mechanisms, reversing IP paths, filtering spoofed IP packets, controlling traffic… The combination of both can help successful mitigation, but none is a guarantee.
- Quantifying the Risk of a DDoS Attack – Arbor Networks (PDF)