Channel firms are being left vulnerable says Kaspersky Lab
Around one in four IT, telecoms and financial services companies experienced a distributed denial of service (DDoS) attack over the last 12 months, according to a survey conducted by Kaspersky Lab and B2B International.
However, while just under half (47 percent) of financial businesses accept that they are prime targets, IT and telecoms companies don’t think they are any more at risk than other sectors, which could be leaving them vulnerable when it comes to IT security, said Kaspersky.
The study found that, overall, a third of companies (36 percent) believe they are likely targets for a DDoS attack, increasing only slightly for IT (40 percent) and telecoms businesses (38 percent). One in six (16 percent) of those surveyed has actually been hit, but this figure rises to one in four for companies in the IT (21 percent), financial services (22 percent) and telecoms (24 percent) sectors.
DDoS attacks have become one of the most popular weapons in the cyber-criminal arsenal, used to extort money, disrupt operations or damage reputations, and also to distract attention from another cyber-attack being carried out at the same time. Nearly 75 percent of businesses have said that DDoS attacks against their companies corresponded with other security incidents.
Yet the study shows that many companies “lack awareness” of DDoS and are unsure about how to stop them or limit their impact. Only 52 percent of companies feel “well-informed” about DDoS attacks and just 53 percent know how to prevent or mitigate them, rising to 61 percent of those in financial services and telecoms.
“As the recent DDoS attacks on telecoms companies and banks reveal, businesses in these sectors represent prime targets for DDoS attackers. In some cases, DDoS attacks are a smokescreen for cyber-theft or result in exorbitant ransom demands,” said Evgeny Vigovsky, head of Kaspersky DDoS Protection, Kaspersky Lab.
“That is why vulnerable sectors need to be extra-vigilant about security and be ready to deal with DDoS attacks. They need to build their understanding of the threat and choose the best protection against it. The days of DDoS attacks being an operational frustration that just resulted in some downtime are long over.”