Since Mother Nature decided to flex her muscles recently, insurance has become something of a hot topic. No sooner had her meteorological storm blown through, a media storm whipped up, centred around insurance and known risk.
UnderstandingInsurance.com.au defines risk as “the chance that something harmful or unexpected could happen”. We manage risk by assessing the likelihood of an event occurring and the resulting impact should it eventuate. Based on that assessment, we take steps to protect ourselves against the risk: adapting our environment, changing our behaviours and taking out insurance.
According to Arbor Network’s 11th annual Worldwide Infrastructure Security Report, 72% of Enterprises experienced 1-10 DDoS attacks per month, that’s between 12-120 attacks per year. With the chance of an attack being so high, why aren’t more businesses taking steps to protect themselves against the known risk?
Here are some of the common misconceptions we have heard…and our response:
DDoS attacks only happen to other people
DDoS attacks are non-discriminating and can happen to just about any size business, in any given industry. As long as you have some form of Internet presence, you could be the victim of a DDoS attack.
We’ve never been targets of a DDoS attack before…
The odds are changing. It’s never been easier to launch a DDoS attack. Combine this with the fact that there are many motivations behind them and you see why there has been a dramatic rise in the number of DDoS attacks.
We were at risk of a DDoS Attack a while back, but it’s been fixed
DDoS is not a new problem and many organisations will have some form of protection in place. But what they fail to recognise is that the modern day DDoS attack is much more complex than the simple attacks from years ago. And, in many cases, the old methods of DDoS attack protection (such as firewalls) simply are not adequate to protect against a modern day attack.
We were recently hit by a big DDoS attack, so we’re unlikely to get hit again
According to our 11th annual WISR, over the last eight years, the size of DDoS attacks has increased 60X! And there are no signs of this trend stopping. Which means we are yet to see the mother of all DDoS attacks.
If we were at risk of a DDoS attack our ISP would alert us
You pay your ISP for Internet connectivity. They are obligated to maintain your connections and delivery of your traffic – regardless of whether this traffic is good or bad. They are not obligated to clean your traffic, unless this is a specific service you pay extra for.
It’s only a DDoS attack; it’s no big deal – we can withstand it
This is where we see many organisations underestimate the impact of a DDoS attack. Lost revenue from a down service is only the beginning. The cost to mitigate the attacks, lost productivity, SLA credits, and brand repair are just some of the indirect costs associated with a DDoS attack that are commonly overlooked.
We’ve got business insurance policies so we’re covered
You might have general business insurance relevant to your industry, but do you have cyber insurance? And does it cover all costs associated with a DDoS attack? It pays to check.
Today, the physical, digital and natural worlds all pose risk to businesses. No matter what industry you are in, where you are located, or how big your company is, do your research, seek out the facts and aim to understand the chance of something harmful or unexpected happening. Determine the amount of risk you’re willing to live with, consider what measures you need to take to protect yourself and then take the necessary steps to do so.