Zayo Group Holdings has announced its annual Distributed Denial of Service (DDoS) insights report, analysing DDoS attack activity and impact across industries in the first half of 2023.
The global landscape of increasing digitisation, political unrest and the emergence of widespread adoption of work from home, have all contributed to an increase in DDoS attacks, which jumped 200% in H1 2023 compared to the full year 2022.
Key findings in brief:
- Rapid acceleration of attacks: There was a 314% increase in overall attacks from the first half of 2022 to the first half of 2023. But that’s putting it lightly—in some industries, the growth was over 1,300%.
- Q2 2023 reached a fever pitch: As attackers continue to exploit the sophistication of AI and automation, there was a 387% increase in attack activity from Q1 to Q2 of this year alone.
- Industries under fire:
- Telecommunications companies were a prime target for attackers due to the critical role telecom providers play in providing communication and internet services. The industry saw the most frequent attacks, accounting for roughly half of the total attack volume, with more than 37,000 attacks in the first half of 2023. Education, which had the highest frequency of attacks in the first half of 2022, was just behind the telecommunications industry. Cloud and SaaS companies also saw a significant increase in the frequency of attacks from the first half of 2022 to the first half of 2023. Retail, telecommunications and media companies experienced the largest attacks, with an average attack size of 3Gbps across all three verticals, which is a large enough attack to take down one to two offices depending on the company size. The largest aggregate attack, against the telecom sector, was 978Gbps. Comparatively, in 2022, telecommunications and government experienced the largest attacks.
- The government sector experienced the longest attacks of any sector, a change from healthcare in 2022. Across all industries, the average duration of attacks increased by 216% from Q1 to Q2, with the finance industry seeing the largest leap from 41min to 108min.
Why it matters:
DDoS attacks are the most common cyber attack against an organisation’s online presence. These are deliberate attacks in which a target’s internet circuit is flooded with fake or illegitimate traffic to prevent true user traffic from passing. Even small attacks can cause hours of downtime, resulting in immense costs for businesses, including lost money, time, customers and reputation.
No matter the attack frequency, duration, or size, unprotected organisations experienced an average cost of $200,000 per DDoS attack, according to HubSpot. Even small businesses are hit hard, with average costs of $120,000 to recover.
“When your business will get hit by a DDoS attack is a game of probability,” says Anna Claiborne, SVP of Packet and Product Software Engineering at Zayo. “With a huge rise in attacks in 2023 and more attacks over 100Gbps, the odds are not in your favour. While there are a myriad of statistics on the cost of remediating a DDoS attack, the long-tail loss of customer confidence after an attack is difficult to quantify and even more difficult to fix. Running any business on the internet without DDoS protection is a risk, and you have to ask yourself if it’s one worth taking.”
Click here for more latest news.