Organizations are experiencing an increase in the magnitude of DDoS attacks, with the average size of attacks over 50 Gbps quadrupling in just two years, according to a report released today from A10 Networks (NYSE: ATEN), a Secure Application Services™ company.
Conducted in partnership with IDG Connect, the study also found the gargantuan 1 Tbps attacks that started last year with the Mirai botnet have begun to leave their mark, with 42% of organizations reporting an average size of DDoS attacks greater than 50 Gbps, a significant increase from 2015, when only 10% of attacks were above that size.
Multi-vector DDoS attacks continue to increase and assault networks and applications at a rapid pace, according to the report, which found the percentage of organizations that experienced between 6 to 25 attacks per year has increased from 14% in 2015 to 57% in 2017.
Network Layer Still the Primary Target
Even as DDoS attacks are increasingly impacting other areas of the stack such as the application layer, attacks at the network layer are still the most prevalent, with 29% of respondents encountering attacks at the network level.
Downtime is Down
However, DDoS solutions are rising to the challenge, with improved attack mitigation and remediation solutions shrinking the amount of downtime. As DDoS attacks take place, the downtime for organizations has shifted from increments of days to hours. The survey found that in 2017, only 15% of attacks resulted in greater than 25 hours of downtime, compared to 29% in 2015.
DDoS Prevention Budgets Increasing
A significant proportion of organizations are looking to increase their budget allocations for preventative DDoS solutions. 74% of respondents say their DDoS budgets are increasing, compared to 54% two years ago. The amount of overall budgets has also risen, from 22% to 29%.
Breadth of IT Professionals Expanding to Address DDoS Prevention
While IT security teams still top the list in terms of primary responsibility for preventing DDoS attacks, other roles have increased in importance since 2015. A more experienced and wider array of IT professionals are becoming involved in DDoS prevention efforts, such as network administrators, security architects and network architects have increased in importance, indicating an increase in skills and experience across disciplines.
Mohammed Al-Moneer, Regional Director, MENA at A10 Networks says, “Increasingly sophisticated DDoS attacks have become an inevitable part of the cybersecurity landscape, threatening the availability of enterprise websites. As the landscape continues to change and grow, new attack vectors will emerge and DDoS attacks will continue to grow in size and complexity. This will call into question the tools already in place, along with the criteria, strategies, and expertise to deploy them. Any DDoS strategy should therefore be subjected to frequent, rigorous review, against both changing business priorities and the evolving nature of potential threats. As skills increase against an evolving threat landscape, organizations in the Middle East can discern where they should spend both their time and their budgets when setting DDoS strategy and deploying the solutions that result.”
IDG Connect conducted this survey on behalf of A10 Networks to study and understand the digital security landscape. Special attention was paid to the distributed denial of service (DDoS) threats organizations face across industries.
Learn more about A10’s DDoS protection solutions here, including A10 Thunder TPS, the most powerful DDoS defense solution available on the market. A10 Thunder TPS can detect and mitigate DDoS attacks of all sizes to protect the largest, most-demanding network environments from adversaries who are responsible for the increasing sophistication of DDoS attacks.