The biggest takeaway: Financial institutions are now far more likely to have DDoS-specific protection than companies in other industries.
These are the findings of a Neustar survey of nearly 450 companies in North America, across numerous industries: financial services, technology, retail, government/ public sector, health care, energy/utility, telecommunications, e-commerce, Internet services and media.
Financial services companies lead in adopting DDoS protection
The wave of attacks initiated by Al Quassam against US financial institutions from late 2012 through 2013 was like nothing the IT and Security industry had seen before. Large, debilitating DNS reflection attacks brought banks to a standstill—impacting their revenues and customer confidence.
Moreover, criminals are increasingly using DDoS as a diversionary tactic or “smokescreen” to access more valuable assets like intellectual property and funds. In fact, one bank suffered a $9 million cyberheist in which the attackers used DDoS to distract the security teams.
In April 2014, the FDIC issued a letter with the expectation that all FDIC- supervised banks have plans and take specific steps to mitigate the risks associated with DDoS attacks: “DDoS attacks may be a diversionary tactic by criminals attempting to commit fraud.”
The industry has fought back and is now showing other sectors how forward- thinking solutions can help. This is one key finding in Neustar’s 2014 DDoS Attacks and Impact Survey. Over 440 North American companies, including 75 financial institutions, shared their DDoS experiences of 2013, which the survey report compares to 2012 findings.
DDoS seen as a growing threat to industry
In financial services, 93 percent of respondents see DDoS as a similar or larger threat than they were a year ago.
Use of DDoS-mitigation services at 32 percent is double the rate of companies overall
Financial services companies are using DDoS-specific protection— cloud-based, mitigation hardware or a hybrid of both—at a higher rate than companies overall.
- Overall, 32 percent of financial services companies are using a DDoS-mitigation service compared to 14 percent of companies overall.
- 23 percent have adopted a hybrid solution and 17 percent use a DDoS-mitigation appliance.
Brand damage is a major concern
75 percent of financial companies cited brand/customer confidence as the leading area most affected during a DDoS outage. Across all industries, 57 percent cited this factor.
Financial services companies risk higher revenue losses
42 percent report they would lose more than $100,000 per hour if their site was down, compared to 29.41 percent of companies overall reporting such losses.
DDoS is draining manpower at higher-than-average rates
56 percent of attacks in the financial services sector required 10+ people to mitigate, compared to 40 percent for companies overall.
Read the full report. See how DDoS is evolving in complexity and danger.