Welcome back to Cyber-Flood Friday! In this edition we discuss more about DDoS and the costs associated with attacks, and the trends within recent attacks. I also discuss the unfortunate growth sector of information-security, and how hackers are creating market demand for attack defenses. The articles mentioned shed light on recent news within Information Security, and shares note worthy information to stay ahead of attackers.
1) For Many U.S. Enterprises, DDoS Attacks Can Cost Over $100,000 Per Hour
- According to Neustar’s DDoS Attacks & Impact report nearly a third of U.S. companies say that a DDoS attack would cost them over $100,000 hourly
- From a survey of over 500 executives it is said that 85% of companies are hit by more than one DDoS attack annually while approximately a third of companies are hit over 10 times a year
- Over half of the companies from the survey say that they taking a much more significant effort in protecting themselves from DDoS attacks in comparison to prior years
- Most attacks are completed within 30 minutes, which is far shorter than the average detection and response rate
- Attacks are leveraging weaknesses in embedded devices, which are notoriously difficult to patch
Link Back:
We have discussed the financial implications of DDoS attacks quite a bit on this blog series but it’s not often that you get actual dollar values. Putting a specific number on the hourly costs of an attack may not be the most accurate way to measure the impact, but it gives insight on how much money some organizations are losing from having attacks launched against them. The reality is that not all DDoS attacks will cost the same, and it will vary depending on the organization being attacked, the attacker’s motivation, and the type of attack being launched. The cost of a DDoS attack is not only calculated based on the direct downtime but can also be heavily influenced by loss of reputation and fear of repeated outages. As many companies are being targeted repeatedly it only makes sense for them to put forth a more significant effort on remediation, testing and defense against these attacks.
This article identifies several challenges which an organization may face when attempting to mitigate DDoS attacks. The first is that attacks are starting to have very short runtimes (under 30 minutes) which is much lower than the average response rate. Secondly it identifies the rise in use of vulnerabilities in embedded devices such as smart camera’s, this type of software is normally very hard to patch due to the limited amount of access which is given to the underlying operating system. Implementing proper response plans for these types of attacks is not trivial, however performing runtime tests and assessments of your exposed services can help you find systems that need to be patched and identify gaps in response processes that can be remedied.
2) The Unfortunate Growth Sector: Cybersecurity
- This article discusses the growth in the information-security sector due to the rise in cyber-crime and resources put towards developing threat actors with capabilities beyond the traditional attacker
- International warfare may become an online affair, as attacks can impact a countries businesses and economy by targeting insecure infrastructure
- Growth in the U.S. can be seen by the Secretary of Defense Chuck Hagel sharing the plans the Pentagon has to triple its cyber-security staff by 2016
Link Back:
The evolution of online crime has caused large multi-national organizations and countries to adopt a defensive approach to securing their critical infrastructure. One of the biggest blockers to this is the fact that the industry as a whole is severely lacking talent, there is an extreme shortage in security trained workers. The U.S. Government is attempting to develop human capital by investing heavily in school programs which teach the core skills. The reason the U.S. is putting a lot of effort and resources into this is that the U.S. lost the most data, and money comparing to other countries due to human error, system glitches, and malicious and criminal attacks.
The only downside to this program is that due to the sensitivity of data these resources are working with, they must be citizens of the Country. The rise in cyber-crime all over the world should prompt countries and businesses to grow their defenses as quickly as possible. The most qualified defense personnel should be put on the front lines protection. To learn more about what governments can do to defend against cyber-crime such as DDoS attacks visit.
I hope you enjoyed Cyber-Flood Friday this week and be sure to visit next time to get all of your security news!
