1 in 5 UK companies victim of damaging DDoS attacks

Over a fifth (22 per cent) of UK organisations suffered disruptive distributed denial-of-service (DDoS) attacks last year, according to research.

A report from IT security firm Neustar revealed that 37 per cent of attacks lasted over 24 hours, and that 22 per cent lasted over a week.

The report, which questioned 380 UK IT professionals, found that within key industries the risk of a damaging DDoS was higher. It found that telecommunications (53 per cent of those surveyed), Internet-ecommerce (50 per cent) and online retail (43 per cent) were the sectors most in the firing line from DDoS attacks.

During the attacks, financial services and telecommunications firms experienced the highest downtime, leading to heavy losses from an outage. The research found that 26 per cent of all attacks on the financial sector had a revenue impact of over £100,000.

Worringly, a fifth (20 per cent) of responding UK companies admitted to having no DDoS protection in place. "There is a high reliance on devices not built to mitigate DDoS attacks", Neustar said.

"It’s important to note the distinction between network protection solutions and DDoS protection solutions," he added. "Firewalls, routers and switches can protect against intrusive attacks to some extent, but they compound the effects of DDoS attacks by allowing malicious traffic to reach networks, leading to the bottlenecking of traffic."

Neustar said intrusion detection systems (IDS) are used by 20 per cent of UK companies as DDoS protection when, in fact, like a firewall, an IDS becomes a bottleneck during attacks.

An IDS can however help defend against growing two-pronged attacks, in which a DDoS is a distraction while the attacker breaches the system, aiming to steal customer data, government secrets or intellectual property.

The research found that 25 per cent of organisations reported using comprehensive purpose-built anti-DDoS equipment on their premises or cloud-based services to prevent attacks.