Experts agree attacks can have a “strong” negative impact on the UAE’s businesses in new survey
STORY HIGHLIGHTS
- Impact on customers, reputation damage and revenue loss citied as key concerns.
- 55% of IT decision-makers have experienced DDoS attacks.
- 31% say cost of recovery between US$ 20-30 million and 34% US$ 20 to 30 million.
F5 Networks: “the priority is to safeguard applications, services and the network without compromising legitimate traffic”.
DUBAI, United Arab Emirates – February 24, 2015: Leading UAE IT decision-makers today highlighted how distributed denial-of-service (DDoS) attacks are fast becoming one of the main business security risks across the country.
In a new survey commissioned by global Application Delivery Networking leader F5 Networks (NASDAQ: FFIV) 1, 55% of surveyed UAE IT decision makers said they had endured a DDoS attack.
Released ahead of tomorrow’s IDC CIO Summit in Dubai, the survey found that 27% claimed that recovery from a DDoS attack took a whole day, 46% said it took a few days, 13% a week, 9% a few weeks and 4% a month.
13% put the estimated cost of recovery as high as US $ 30 million, 31% put the figure at US$ 20-30 million, and 34% US$ 20 to 30 million.
When asked what the “most disastrous” impact of a DDoS attack would be, 47% of respondents cited the impact on customers. 19% said it would be reputation damage and 14% believed it would be revenue loss.
“DDoS attacks are a big problem in the UAE and they are only going to intensify as cybercriminals compete with each other to find new ways of causing disruption,” said Garth Braithwaite, Middle East Sales Director, F5 Networks.
“DDoS attacks can affect businesses in many ways and attacks can cause damage running into many millions of dollars, permanently ruining a company’s reputation with everything from downtime to putting customer data at risk.”
Braithwaite explained that while attackers have traditionally used personal computer networks to launch DDoS attacks, it has become increasingly common to hijack oblivious global networks of malware infected machines to coordinate large-scale attacks.
The survey also highlighted the need for greater industry-wide awareness. Only 6% said they could “very accurately” describe the difference between a Layer 3 (network protocol) and Layer 7 (application layer) attacks. 57% said they could do so “somewhat accurately”.
The findings chime with a recent global survey by UK telecommunications provider BT where Middle East organisations claimed their CEOs had one of the lowest understandings of what a DDoS attack is of all countries surveyed (17%)2.
Braithwaite stressed that the onus is now on businesses to put cybersecurity at the heart of their business strategies and do everything they can to gain a more comprehensive understanding of both cyber-attacker identity and their motivations.
“We need to be aggressive in the way we keep pace with would-be cyber-disruptors and ensure that the right protective solutions are implemented in the right place, at the right time,” he said.
“The priority must be to safeguard applications, services and the network without compromising legitimate traffic. The good news for businesses is that there are a number of powerful solutions on the market.”
In particular, Braithwaite pointed to the potential of full-proxy firewalls that can handle hundreds of thousand connections per second, policy management solutions that curb unauthorised access without impacting on the end-user, and uptime-boosting application security and traffic manager solutions that combine to block malicious intrusions and re-route legitimate requests.
“The threat of DDoS attacks is higher than ever,” added Braithwaite.
“It is up to UAE businesses to meet the challenge head-on and without complacency. This is an ongoing process and only the best prepared will avoid the costly pitfalls.”
Megha Kumar, Research Manager – Software, IDC MEA, said:
“Security is a priority for organizations, but is a struggle. Threat sophistication remains an impediment to achieve a comprehensive security posture and CIOs in the region have expressed that maintaining security is their top most technical challenge. Security skills shortages and the lack of abundant security budgets in the region makes this a daunting task. Organizations in the region need robust, comprehensive and proactive security strategies that can help them stay ahead.”
