We recently surveyed many of these people and uncovered some telling truths about the state of DDoS defenses. Senior security leaders from the banking, financial services and insurance sectors explain what that landscape looks like today. The survey, which engaged 300 Chief Information Security Officers (CISOs) and security directors from companies with annual revenues of at least $250 million, reveals a stark reality: despite increased budgets and efforts, organizations remain vulnerable to DDoS attacks.
With regard to DDoS, this year’s survey indicates that 85% of respondents have boosted their DDoS budgets. This move marks a significant step toward understanding the very real and present threat of these attacks. Just 5% of respondents said they were completely confident in their existing DDoS defenses. This inconsistency introduction makes it difficult to measure the actual effectiveness of investments put into DDoS mitigation strategies.
The Impact of DDoS Attacks
The key takeaway from the survey is the extent of the DDoS threat organizations must deal with. In fact, respondents reported an average of 3.85 damaging DDoS incidents over the last year. Each release participant endured at least one attack that resulted in death, injury, or significant property damage. Importantly, 60% of our respondents said they had experienced two to five destructive events.
The effects of these attacks vary significantly. Fifty-eight percent indicated that their most damaging attack had a moderate impact. Even more troubling, 42% of these organizations said that the damage was severe or even extensive and interrupted their online services. Larger enterprises, particularly those with more than 10,000 employees, suffered the most during these attacks. When it came to reporting “great deal of damage,” they were three times more likely than smaller firms to answer in the affirmative.
Challenges in Defense Strategies
Budgets are increasing for DDoS defenses at record rates, the findings from our annual survey show serious struggles in dealing with these threats effectively. Unbelievably, 99% of respondents still rely on outdated periodic manual testing to measure their defenses. This sequential approach frequently involves significant downtime and risks exposing gaps in security.
In addition, as AI-powered DDoS attacks have increased, the efficacy of traditional testing approaches has diminished. Organizations are struggling to stay ahead of these constantly changing threats. This reality highlights the needs for more flexible and ongoing testing regiments that are timely and expansive.
Though 97% of respondents understood that automated reporting tools can help identify misconfigurations and vulnerabilities with no downtime, just 8% understood these solutions are currently out there. This lack of understanding is a significant identifying factor and barrier to alleviating DDoS defenses.
Addressing the Resilience Gap
These results from MazeBolt’s survey serve to highlight the need for organizations to improve their DDoS resilience. Survey respondents recognize that all the millions of dollars we’re spending on defensive measures won’t cut it. They highlight the importance of having complete visibility into their environments and embracing continuous DDoS testing and validation.
So security leaders should put their attention on developing strong strategies. These strategies must include automated reporting and proactive testing to meet the increasing sophistication and scale of DDoS attacks. Beyond that, organizations would do well to focus on using emerging technologies to stay proactive against these new threats and reduce their risk surface.