
DDoS & Cyber-Attacks: the business case for investing in defence

The Internet is a fantastic invention and application of technology. It originated with the US government and private companies as a way to create a reliable and distributed information network, and became fully commercialised in 1995, when the decommissioning of NSFNET removed the restrictions and laid the foundation of the modern way of communication, business and retail. For the online retailer, it's a huge opportunity to sell wares to a truly global audience in a rapidly growing market, one to which many organisations such as Amazon, Google and Betfair owe their successes.

As well as a significant business opportunity, the Internet now presents a wealth of choice to online consumers. Whilst Internet sales figures show a year-on-year increase in online spending (at the expense of traditional retail), the modern consumer also demands fast, efficient and user-friendly websites - and those who do not deliver on these ever-increasing expectations are short-lived in this cyber-marketplace.

In addition to the Internet’s ability to provide access to 2.1 billion worldwide customers, online business also necessitates a defence against a small but potentially lethal minority of cyber criminals acting with motive. Hacking, defacing and denial of service are just a few of the activities these people choose to carry out, and the effects of these are detrimental to revenue. Take the threat of Distributed Denial of Service, or DDoS: this type of cyber-attack affects revenue in both the short and long term. Moreover, this type of attack may be difficult to mitigate (as opposed to a network or hardware failure) as nothing has actually failed in the infrastructure that can be fixed - apart from the security defence strategy. Recent examples of this type of attack by Anonymous have also shown that even a crude ‘en masse’ co-ordinated attack can have the same effect as a more professional botnet army approach – which has told us that the defences don’t take long to break…

Including DDoS mitigation in the web architecture requires some form of investment, which is often overlooked by smaller organisations that give no thought to cyber threats or have an 'it won't happen/hasn't happened to us' attitude. So to help build the value of an investment in DDoS mitigation, let's look at the effects on revenue as a result of an attack causing site outage.

To help illustrate this, the graph below shows the revenue stream for two online and competing retail companies, with a constant revenue stream shown in the middle (red) as a reference. When an attack occurs, which may be over a prolonged period of time, revenue is either reduced or completely lost as depicted. During this time, in a saturated market full of other options for the online shopper, competitors not suffering from the attack will benefit, resulting in a short term increase in revenue.

DDoS Revenue Drop

The graph above illustrates the revenue drop (light blue) as a result of an attack; dark blue shows a competitor benefitting from the event.

Whilst it is sickening to lose out to the competition in the short term, what this also does is force customers into an introduction to a direct competitor and an experience of their website. The risk of lost revenue now extends beyond the lifetime of the attack, because the consumer has registered, shopped and had an experience with a competitor. From this point, the consumer's loyalty is reduced and the risk of them placing their business elsewhere has increased, resulting in a reduction in revenue, especially if he or she finds the site to be easier to use, cheaper or an all-round better experience. If this weren’t enough, then there are the effects on share price, brand reputation and time to mitigate to consider too…

It is difficult to put an exact figure on the cost of a DDoS attack, but the effect is the same as any other outage, and the thinking – and investment in DDoS mitigation, or cyber defence for that matter - should be part of a wider disaster recovery or resilience programme. In weighing up the risk of outage as a result of DDoS, considerations of lost revenue, impact on share value and motive against the organisation need to be taken into account. In short, the effects of cyber-attacks now need to be taken as seriously as physical infrastructure failure, as gone are the days of regular network and hardware failures – competition in this space has demanded increased reliability and resilience.

In closing, a message to the CTO and CEO: It’ll be far harder for your organisation to mitigate a cyber-attack than replace a faulty device under a 4 hour SLA… So, can I ask, do you want to take that risk?

Article written by Simon Taylor - Strategic Account Manager, Accumuli Security
