DDoS Mitigation Solutions | Calculate Cost of DDoS Attacks

In the first part of the blog series, we discussed the direct costs of DDoS attacks.  In this second part, we will discuss the indirect and long-term damages from DDoS attacks and the solutions we propose.

Indirect & Long-term Costs

Cost of Your Data

The first and most serious implication of DDoS attacks is the loss of data. Data loss is an indirect outcome of DDoS attacks, as DDoS attacks are sometimes smokescreens for other types of cyber-attacks.

The Neustar and Harris Interactive Report states that 92% of those companies that had suffered only one DDoS attack experienced theft of intellectual property, customer data, and/or financial assets and resources. On average, Ponemon Institute estimates every lost or stolen record costs businesses $225.cost blog-1

It is important to make a clear assessment of all existing data in terms of its value for the business and its potential value for thieves and then quantify the implications of lost or compromised data.

Break in Business Continuity

DDoS attacks are often mitigated within a few hours, though there are several instances of intermittent attacks over several days. DDoS attacks that affect user experience can sometimes kill small businesses, and the sad news is that nearly 60% of small businesses do not recover.

As a first step, it is important to look at the picture holistically, and make a checklist of all the potential impacts of an attack on business continuity:

  1. Lost opportunities
  2. Loss of productivity due to time spent on an investigation
  3. The additional operational workload from repair and response

Qualifying the factors involved in business continuity and converting the time-to-recover into man hours will help to quantify this cost.

Regulatory Impact

Post-attack there are costs involved with regulatory defenses, penalties, and fines.  These costs would be the result of non-compliance, security breaches, and lawsuits. Government laws are extremely clear on security. Therefore, businesses along with all the losses related to the actual attack impact,  will have to face governmental repercussions. For example, the requirement under PSD2 is to offer an open communication interface to TPPs. However, this increases the security risks to financial institutions. Banks are required by PSD2 to put in place advanced security controls for the open interfaces to mitigate the risk. Calculating this cost will require ensuring a robust mitigation solution and ensuring that there is a clear understanding of costs associated with legal and regulatory issues in case of DDoS attacks.

Loss of Customer Value

Customer relationships are based on trust, i.e. that their information will be safe, and the organization will display only the highest level of integrity. Loss of trust can hurt a business badly with customers opting out. Often depending on the business, lawsuits ensue, and settlements can even run into millions of dollars. Some businesses may need to compensate customers for losses. Finally, there is the question of rebuilding confidence and trust which can take a long time if ever.

Calculating this cost will require a thorough understanding of customer implications, i.e. compensation, the time to rebuild, and adding a percentage to lost business. This would help to arrive at a quantifiable cost number.

What is the Solution?

Some may believe that cyber insurance is the solution. It is a fact that cyber insurance as a business is growing fatter. It is expected to grow to $14 billion in 2022 from $3 billion in 2016. But insurance comes into play after an attack which is not the most ideal solution. Of course, it is good to have a robust insurance policy in place, but DDoS mitigation is mandatory. However, in our experience VPN Gateways of 85% of companies are not protected adequately by their DDoS mitigation policies. This means that if these gateways came under a DDoS attack, employees' ability to connect to work could be significantly impacted.

To summarize, even with the most sophisticated DDoS mitigation and testing solutions deployed, most companies are left with a staggering 48% DDoS vulnerability level. The vulnerability gap stems from DDoS mitigation solutions & infrequent Red Team DDoS testing being reactive, instead of continuously evaluating and closing vulnerabilities.

Mitigation solutions do not constantly re-configure and fine-tune their DDoS mitigation policies. Leaving their ongoing visibility limited and forcing them to troubleshoot issues at the very worst possible time, that is, when systems are brought down by a successful DDoS attack. These solutions are all reactive, reacting to an attack, and not closing DDoS vulnerabilities before an attack happens.

The Solution - RADAR™

RADAR™, MazeBolt’s new patented technology solution is part of the MazeBolt security platform. RADAR™ simulates DDoS attacks continuously and non-disruptively. Delivering advanced intelligence, through straightforward reports on how to remediate the DDoS vulnerabilities found. Closing the DDoS gap by assisting your mitigation solution to fix ongoing security gaps before they are exploited. Using RADAR™ you never have to rely on risky zero-day reactive mitigation capabilities. RADAR™ assists organizations in achieving, maintaining, and verifying the continuous closing of their DDoS vulnerability gaps. Reducing and maintaining the vulnerability level from an average of 48% to under 2% ongoing.

To learn more about the hidden costs of DDoS Attacks, read our whitepaper `Cost and Implications of a DDoS Attack.

About MazeBolt

MazeBolt is an innovation leader in cybersecurity and part of the DDoS mitigation space. Offering full DDoS risk detection and elimination and working with any mitigation system to provide end to end full coverage. Supporting organizations in avoiding downtime and closing DDoS vulnerabilities before an attack happens.

References

Picture of Mali Cohen Denzinger

About Mali Cohen Denzinger

VP - Marketing