DDoS attacks remain key threat, with only half of companies prepared

Half of businesses worldwide have no countermeasures against distributed denial of service (DDoS) attacks, according to Kaspersky.

The security expert found just 50 per cent of firms regard DDoS protection as an important facet of IT security, fuelling fears that companies are leaving themselves exposed to attacks by cyber criminals.

The method of attack, in which many computer users and bots log onto a website in order to overwhelm its server and prompt it to crash, costs SMBs an average $52,000, and larger firms an average $444,000 in lost business and IT spending.

Meanwhile, 38 per cent of victims reported reputational damage as a result of the attack, according to joint research by Kaspersky and B2B International, which surveyed just under 4,000 companies spanning 27 countries.

However, such dire consequences are not spurring firms on to bolster their security, with just 37 per cent of companies using a DDoS protection solution.

Nearly two-thirds of enterprises thought such a tool was important, compared to 46 per cent of SMBs.

The research said: "The perceived importance and usage of a specialised DDoS countermeasure is somewhat dependent on the size of the business."

It added that DDoS attacks are easy and affordable to conduct, costing hackers just $50 to do.

Eugene Vigovsky, head of Kaspersky DDoS Protection, said: "Even if a company does not have a public facing website, its finances and reputation can be seriously affected by DDoS attacks.

"It is known that DDoS can be organised not only to incapacitate online services or for ransom but also to mask other cybercriminal activities such as targeted attacks on the company to gain access to its confidential data.

"Therefore, protection against DDoS attacks is not reinsurance but a logical precaution important for any company that has business processes dependent on Internet services."

The research follows a BT study in July that found two-fifths of companies across the world had suffered DDoS attacks in the previous 12 months.