Businesses don’t need to have external interfaces such as public websites, customer portals and transactional systems to be affected by a DDoS attack, according to a study by Kaspersky Lab and B2B International. Internal web services, operations and connectivity are just as vulnerable – for manufacturing companies especially.
In 2015, one in six (16pc) companies worldwide suffered a Distributed Denial of Service (DDoS) attack, with the attack rate rising to one in four (24pc) for enterprises. For most, these attacks focused on external activities. Just under half of those affected said their public websites had been hit, while around a third said that customer portals and logins (38 per cent) and communications services (37 per cent) had been impacted. A quarter found that a DDoS attack had affected transactional systems. However, some companies discovered that a DDoS attack had affected their internal web services. A quarter said that their file servers had been affected and 15 per cent said their operational systems had been hit. Another 15 per cent said a DDoS attack impacted overall ISP network connectivity.
In terms of the business sector, manufacturing was particularly susceptible to the internal impact of a DDoS attack, with a quarter saying their operational systems had been affected and over a third noticing an impact on file servers; while up to one in five telecoms, transportation, IT and government organisations noticed that their network connectivity had suffered.
Evgeny Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab, said: “It’s important to take a DDoS attack seriously. It’s a relatively easy crime to perpetrate, but the effect on business continuity can be far-reaching. Our study found that alongside the well-publicised impact of an attack, such as website downtime, reputational damage and unhappy customers, DDoS hits can reach deep into a company’s internal systems. It doesn’t matter how small the company is, or whether or not it has a website; if you’re online, you’re a potential target. Unprotected operational systems are just as vulnerable to a DDoS attack as the external website, and any disruption can stop a business in its tracks.”
