Neustar's new study found that organizations most often discover successful DDoS attacks against them from after being alerted by third-party or their customers.
Although the awareness of DDoS attacks is rising, it is obvious that organizations will need a lot of time to learn how to detect and respond to them.
Neustar has conducted a large-scale survey over the past three years by researching around 1010 corporate executives around the world on the frequency and impact of DDoS attacks on their organizations.
About 50% of the respondents are members of companies with revenues of between $ 500 million and $ 1 billion.
The study`s results show that DDoS attacks have increased in frequency and volume, even as organizations are struggling to DDoS attack protection and mitigate them quickly.
84% of all respondents, or about 850 companies, said they had experienced at least one DDoS attack in the last 12 months, compared with 73% according to last year's survey.
86% of these 850 companies say DDoS attacks against them were more than one in the past year.
Almost half of the affected organizations claim that DDoS attacks against them have coincided with some other form of a cybersecurity breakthrough or malicious activity on their networks, including data theft and ransomware attack.
For example, 47% reported that they found viruses on their network after a DDoS attack, 43% - a malware and 32% - theft of their customers' personal data.
The study also found that in many cases victim organizations did not know they were the targets of a DDoS attack until a third-party or a customer alerted them. In fact, one out of five victim organizations in the past year has learned about the DDoS attack by an outside person.
Time to identify the DDoS attack
Globally, more than half of all organizations that have suffered a DDoS attack needed a minimum of three hours to positively identify it. 38% said they needed between 3 and 5 hours. On average, the victims needed around three hours to respond to a DDoS attack, which is much slower than the reaction time reported by respondents in last year’s survey.
Potential losses that companies may face as a result of a DDoS attack are significant. More than 6 out of 10 organizations surveyed estimate that they would lose up to $100,000 in revenue per hour in the event of a disruption caused by a DDoS attack. Some 31% say they could lose between $250,000 to $1 million per hour, while 12% claim potential revenue losses of over $1 million per hour.
Barrett Lyon, head of Neustar's research, believes that lack of experience in dealing with DDoS attacks is one of the reasons for the delayed detection and response, and another reason is that the major attacks that large attacks that take infrastructures offline are rather easy to detect, but smaller ones are much more difficult to pin down.
"To those who have limited experience in mitigating attacks or have low-end protection, small complex attacks may be initially treated with performance investigations and diagnostics before arriving at the conclusion of an attack," Lyon says. "Unfortunately, many types of DDoS attacks ramp up quickly and can be over in a matter of minutes."
This can happen quickly enough to bypass the attack detection but long enough to be noticed by external users, especially if the target is a web-based service such as online banking, airline ticket reservations, utility payment systems and more.