Nearly three out of every four companies have faced a computer attack in which adversaries flood their servers with traffic to overwhelm their networks, according to a new survey that paints a grim picture of the private sector’s cybersecurity landscape.
The survey from Internet monitoring firm Neustar, conducted in the winter of 2015, reveals that 73 percent of companies have faced these distributed denial-of-service (DDoS) attacks, while 82 percent suffered multiple attacks, and 56 percent learned of them only after a third party contacted them. Nearly half (45 percent) of companies had been DDoSed at least six times.
Given the grim reality of cyberspace, it’s no surprise that more than three-quarters of companies (76 percent) are spending more in 2016 than they did in 2015 to counter DDoS attacks. The question is how extensively they can harden their networks, especially when their employee IT policies may lag years behind best practices.
Because they are so inexpensive and easy to launch—anyone can download a free tool like Low Orbit Ion Cannon and instantly join a campaign—DDoS attacks are the most popular form of cyber mischief directed at companies and governments. Hacktivist collective Anonymous uses them to take down websites owned by repressive regimes and hate groups. Hackers linked to Russia used them to bring Estonia’s Internet to its knees in 2007.
The volume of gibberish traffic sent by DDoS attackers is also mounting. More than half of the attacks in 2015 reached a bandwidth of 5Gbps, a rate high enough to seriously complicate efforts to shut them down.
Neustar’s winter 2015 survey also revealed that “smart” devices, part of the growing Internet of Things, are an enticing new attack vector for hackers.
These attacks—which exploit flaws in new, largely unregulated devices like Internet-connected refrigerators and thermostats—are mounting. Eight in 10 companies that use smart devices have been breached, with hackers stealing data from 43 percent of them. Approximately half (48 percent) of companies that rely on Internet-connected devices say they have discovered malware in them.
Nearly a third (32 percent) of companies said they had seen a loss of customer trust or damage to their brand as a result of a DDoS attack or data breach.