3 Dangerous Myths About DDoS Attacks

Distributed denial of service (DDoS) attacks are a growing but frequently misunderstood threat in the cybersecurity world. Defined generally, a DDoS attack occurs when an adversary directs traffic that is either large in volume or ill-formed against a service in order to render that service unavailable to legitimate users. Today, we seek to combat a few common myths about DDoS attacks that may be standing in the way of organizations’ ability to effectively mitigate these threats.

Myth #1: DDoS attacks are not a big deal.

Many people are under the impression that a DDoS attack is not a big deal because its goal isn’t to steal data or gain unauthorized system access. DDoS attacks are often over in just a few minutes or hours. Occasionally, the worst ones can last a few days. Because of the seemingly-limited scope of their reach and timeframe, it’s easy for managers to believe that DDoS attacks are not something to be concerned about. This is a common mistake. Even without stealing anything or carrying out a prolonged offensive, DDoS attacks can do significant damage to your company’s productivity, uptime, and reputation.

Myth #2: DDoS attacks primarily target websites or API endpoints.

It can be easy to fall for Myth #1 and become complacent when you are not seeing the entire universe of possible targets or consequences that a hacker sees. Any Internet-connected device is at risk of DDoS attacks.

The largest-known DDoS attacks in 2016 didn’t just take down single websites; they took down vast swaths of infrastructure. And as the number of poorly-secured Internet of Things (IoT) devices has increased exponentially in recent years – think cars, fitness trackers, medical devices, and household appliances – more devices are now available to hackers seeking to zombify and use them in an attack. DDoS has grown into a full-blown criminal industry that continuously seeks ways to innovate and expand.

Myth #3: The cost of a DDoS attack to our business isn’t as a big of a concern as other types of attacks.

As the thinking goes, if DDoS attackers aren’t stealing financial or customer data, then the fallout from an attack will probably not be as big of a financial concern as other breaches could be. Therefore, given limited resources, we don’t need to spend as much time protecting ourselves against this threat.

Research into the financial implications DDoS attacks have on downtime, lost revenue, lost customers, and reduced productivity paints a very different picture. For example, an Incapsula study from 2014 estimated that the average cost of a DDoS attack is around $500,000 per incident. Other studies have put this estimate much higher.

Preventing DDoS Attacks On Your Organization

As you can see, DDoS attacks are becoming more prevalent, expensive, and easier to carry out by a growing number of motivated hackers. Protecting your organization starts with recognizing these truths.

We encourage you to check out our white paper, “DDoS: The Threat That Won’t Go Away”. This white paper will provide more information about DDoS attacks, including common types and other notable trends, as well as mitigation strategies and tactics you can begin implementing now.

Thankfully, there is a growing body of tools and vendors available to combat the DDoS threat. Beware that there are also a growing number of charlatans in this space, including some that are run by DDoS-for-hire gangs themselves.

A good overall Vulnerability Risk Management(VMR) strategy will feed into an effective DDoS mitigation plan. If you need outside help to develop and execute your VRM program or DDoS prevention plan, contact NopSec for assistance and recommendations.