DDoS: Lessons From U.K. AttacksSurvey Illustrates No Industry Is Safe
While U.S. banking institutions brace for the next wave of distributed-denial-of-service attacks by Izz ad-Din al-Qassam, new cyberthreat research reminds us that no industry or global market is immune to DDoS.
A new study from online security provider Neustar shows that DDoS attacks are up in the United Kingdom, just as they are in the U.S., and they're targeting everything from e-commerce sites to government.
It's not just banking institutions that DDoS attackers want to take down.
It's not just banking institutions that DDoS attackers want to take down - a truth we've been preaching for several months. But now, data proves it.
Of the 381 U.K. organizations polled between May and June by Neustar, 22 percent said they suffered from some type of DDoS attack in 2012. By comparison, a survey of 704 North American organizations released in April 2012 showed that 35 percent had been targeted by DDoS within the last year.
While the financial services sector has been the primary DDoS target in the U.S., telecommunications companies are the No. 1 target in the U.K., according to the Neustar survey, with 53 percent reporting attacks.
Half of U.K. e-commerce companies and 43 percent of online retailers surveyed reported attacks. But only 17 percent of the U.K. financial-services organizations say they had been targeted, compared with 44 percent in the North American survey.
The North American data is a bit out of date, so the percentage of financial institutions hit by DDoS is now probably even higher. And attacks aimed at U.K. organizations have been nowhere as fierce as those waged against U.S. banks since September 2012.
More Attacks on Way
Now that al-Qassam has just announced plans for a fourth phase of attacks, we're all bracing for more strikes against U.S. banks (see DDoS: Attackers Announce Phase 4).
But the new survey sends a clear message: No organization is safe from DDoS.
"As in North America, U.K. companies face serious challenges as they decide on DDoS protection and attempt to mitigate losses," Neustar writes in its survey study. "While many companies are hoping traditional defenses will suffice, given the frequency of attacks, their growing complexity and the impact when sites go dark, such hopes are badly misplaced."
U.K. organizations could learn quite a bit from the example U.S. banks have set. Experts have noted time and time again that European banks and others are not well-prepped for DDoS. Despite the fact that the attacks waged against U.S. banks have been among the largest the industry has ever seen, the percentage of U.S. organizations that experienced extended outages was much smaller than that of U.K. organizations, the surveys showed.
The defenses U.S. banking institutions have put in place have set a new bar. We already knew that, but now Neustar's survey results support it.
According to Neustar, while online outages lasting about 24 hours affected about 37 percent of both North American and U.K. organizations surveyed, outages lasting more than a week affected 22 percent in the U.K. and only 13 percent in North America.
Having a site down for more than a week is an embarrassment, and costly. Can you even imagine a major banking institution's site being down that long?
Banks in the U.S. are prepared for DDoS. But what about other organizations? Are non-banks getting ready for DDoS, or do they still see this as only a threat to banking institutions?
What you think? Let us know in the comment section below.