In the first part of the blog series, we discussed the direct costs of DDoS attacks. In this second part, we will discuss the indirect and long-term damages from DDoS attacks and the solutions we propose.
Indirect & Long-term Costs
Cost of Your Data
The first and most serious implication of DDoS attacks is the loss of data. Data loss is an indirect outcome of DDoS attacks, because a DDoS attack is sometimes used as a smokescreen for other types of cyber-attack that take place while defenders are occupied with the outage.
The Neustar and Harris Interactive Report states that 92% of those companies that had suffered only one DDoS attack experienced theft of intellectual property, customer data, and/or financial assets and resources. On average, Ponemon Institute estimates every lost or stolen record costs businesses $225.
It is important to make a clear assessment of all existing data in terms of its value for the business and its potential value for thieves and then quantify the implications of lost or compromised data.
Break in Business Continuity
DDoS attacks are often mitigated within a few hours, though there are several instances of intermittent attacks lasting several days. DDoS attacks that affect user experience can sometimes kill small businesses, and the sad news is that nearly 60% of small businesses do not recover.
As a first step, it is important to look at the picture holistically, and make a checklist of all the potential impacts of an attack on business continuity:
Loss of productivity due to time spent on an investigation
The additional operational workload from repair and response
Qualifying the factors involved in business continuity and converting the time-to-recover into man hours will help to quantify this cost.
Post-attack, there are costs involved with regulatory defenses, penalties, and fines. These costs result from non-compliance, security breaches, and lawsuits. Government laws are extremely clear on security. Therefore, in addition to all the losses related to the actual attack impact, businesses will have to face governmental repercussions. For example, PSD2 requires financial institutions to offer an open communication interface to TPPs. However, this increases the security risks to those institutions, so PSD2 also requires banks to put in place advanced security controls for the open interfaces to mitigate the risk. Calculating this cost requires both a robust mitigation solution and a clear understanding of the legal and regulatory costs that would follow a DDoS attack.
Loss of Customer Value
Customer relationships are based on trust: that their information will be safe, and that the organization will display only the highest level of integrity. Loss of trust can hurt a business badly, with customers opting out. Depending on the business, lawsuits often ensue, and settlements can run into millions of dollars. Some businesses may need to compensate customers for losses. Finally, there is the question of rebuilding confidence and trust, which can take a long time, if it happens at all.
Calculating this cost requires a thorough understanding of the customer implications, i.e. compensation, the time to rebuild trust, and a percentage added for lost business. This would help to arrive at a quantifiable cost number.
What is the Solution?
Some may believe that cyber insurance is the solution. It is a fact that cyber insurance as a business is growing fast: it is expected to grow to $14 billion in 2022 from $3 billion in 2016. But insurance only comes into play after an attack, which is not the most ideal solution. Of course, it is good to have a robust insurance policy in place, but DDoS mitigation is mandatory. However, in our experience the VPN gateways of 85% of companies are not protected adequately by their DDoS mitigation policies. This means that if these gateways came under a DDoS attack, employees' ability to connect to work could be significantly impacted.
To summarize, even with the most sophisticated DDoS mitigation and testing solutions deployed, most companies are left with a staggering 48% DDoS vulnerability level. The vulnerability gap stems from DDoS mitigation solutions and infrequent Red Team DDoS testing being reactive, instead of continuously evaluating and closing vulnerabilities.
Mitigation solutions do not constantly re-configure and fine-tune their DDoS mitigation policies. This leaves their ongoing visibility limited and forces them to troubleshoot issues at the very worst possible time, that is, when systems are brought down by a successful DDoS attack. These solutions are all reactive: they react to an attack rather than closing DDoS vulnerabilities before an attack happens.
RADAR™, MazeBolt's new patented technology solution, is part of the MazeBolt security platform. RADAR™ simulates DDoS attacks continuously and non-disruptively, delivering advanced intelligence through straightforward reports on how to remediate the DDoS vulnerabilities found. It closes the DDoS gap by assisting your mitigation solution to fix ongoing security gaps before they are exploited. Using RADAR™, you never have to rely on risky zero-day reactive mitigation capabilities. RADAR™ assists organizations in achieving, maintaining, and verifying the continuous closing of their DDoS vulnerability gaps, reducing the vulnerability level from an average of 48% to under 2% and keeping it there on an ongoing basis.
MazeBolt is an innovation leader in cybersecurity and part of the DDoS mitigation space. It offers full DDoS risk detection and elimination and works with any mitigation system to provide end-to-end coverage, supporting organizations in avoiding downtime and closing DDoS vulnerabilities before an attack happens.