How DDoS attacks impact service providers

There’s a striking disparity between how threatened service providers feel by potential DDoS attacks and how prepared they are to mitigate one, according to a Black Lotus survey. The findings demonstrate that while almost all participants (92 percent) have some form of DDoS protection in place, it is insufficient to stop an attack before damage is done.


Most respondents incurred increased operational expenses due to DDoS attacks, with more than 35 percent of the providers surveyed indicating that they are hit with one or more attacks weekly. The respondents represented companies of all sizes, from small to large.

The largest group represented in the survey was small companies of one to 999 employees worldwide (52 percent of all companies surveyed), with organizations of fewer than 250 employees (20 percent) as the largest subgroup.

Among the findings were:

  • 61 percent of providers feel that DDoS is a threat to their businesses.
  • Only 16 percent of the providers surveyed indicated that they had been rarely or never hit by a DDoS attack.
  • The top three industries with customers affected by DDoS attacks are managed hosting solutions (MHS), voice over IP (VoIP) and platform as a service (PaaS).
  • In case of a DDoS attack, 34 percent of the surveyed providers remove the targeted customer, and 52 percent temporarily null route or block the problem customer.
  • 64 percent of PaaS providers have been impacted by DDoS.
  • 56 percent of MHS providers have been impacted by DDoS.
  • 52 percent of infrastructure as a service (IaaS) providers have been impacted by DDoS.

“DDoS attacks lasting hours or even minutes can lead to loss of revenue and customers, making DDoS protection no longer a luxury, but a necessity,” said Shawn Marck, CSO of Black Lotus. “DDoS attacks will continue to grow in scale and severity thanks to increasingly powerful (and readily available) attack tools, the multiple points of Internet vulnerability and increased dependence on the Internet. Enterprises have to move from thinking of DDoS as a possibility, to treating it as an eventuality.”

Source: http://www.net-security.org/secworld.php?id=18043