Research from Woburn Mass.-based cybersecurity firm Kaspersky Lab found almost 40% of surveyed businesses, including financial institutions, are not confident about protecting themselves against threats like DDoS and targeted attacks.
The 2016 Kaspersky Lab Corporate IT Security Risks annual survey asked more than 4,000 representatives of small, medium and large businesses from 25 countries about dealing with IT security and real incidents. The survey found a lack of knowledge and protection is putting all types of businesses across the globe at risk.
A DDoS attack occurs when many compromised systems attack a single target. The result is denial of service for users of the targeted system.
However, the Kaspersky Lab research found 16% of businesses unprotected altogether from DDoS attacks, and 49% relying on built-in hardware for defense. Kaspersky Labs said this is not effective against the increasing number of large-scale and so-called smart DDoS attacks, which are hard to filter with standard methods.
In many cases, Kaspersky Labs revealed, businesses assume they are already protected from these types of attacks. Forty percent of the organizations surveyed fail to put measures in place because they think their Internet service provider will provide protection, and 30% think data center or infrastructure partners will protect them. The reality is that these organizations mostly protect businesses from large-scale or standard attacks, while smart attacks, such as those using encryption or imitating user behavior, require an expert approach.
Large-scale cyberattacks, such as on the servers of Dyn, brought down popular sites like Twitter, The Guardian, Netflix, Reddit, CNN and many others in Europe and the U.S.
The Kaspersky Lab survey found 30% of respondent take no action because they think they are unlikely targets of DDoS attacks. Surprisingly, 12% even admit that a small amount of downtime due to a DDoS incident would not cause a major issue for their company.
In reality, any company can serve as a target because such attacks are easy for cybercriminals to launch. What’s more, the potential cost of a single attack can be millions, Kaspersky Lab warned.
“As we’ve seen with the recent attacks, DDoS is extremely disruptive, and on the rise,” Kirill Ilganaev, head of Kaspersky DDoS protection at Kaspersky Lab said. “When hackers launch a DDoS attack, the damage can be devastating for the business that’s being targeted because it disables a company’s online presence. As a result, business workflow comes to a halt, mission-critical processes cannot be completed and reputations can be ruined.”
Many community financial institutions, such as credit unions, are vulnerable because they do not believe they present viable targets. Yet credit unions and community banks present easy test beds for attackers trying to sharpen their skills and may have fewer layers of protection against DDoS and ransomware
Ashley McAlpine, fraud prevention manager of Des Moines, Iowa-based payments processor TMG warned credit union personnel it might look like these attackers are only after the big guys. “In fact, small organizations are very much on the radar of these criminals.
