A growing number of data center outages are caused by distributed denial of service attacks. On a technical level, DDoS campaigns are much more complicated to address than other leading causes such as human error or IT equipment failure. Accordingly, they often cost hundred of thousands of dollars to resolve.
Throughout 2013, credit unions were increasingly targeted by DDoS attacks that overwhelmed their websites with traffic and sometimes created distractions so that other threats could bypass IT security. Going into 2014, mitigating risk from DDoS through software and backup solutions will be the key to reducing the costs and consequences of IT outages.
Report finds that DDoS, equipment failure among the leading causes of outages
According to one think tank’s research, DDoS attacks accounted for only 2 percent of outages at 67 U.S. data centers in 2010. By 2013, the share had risen to 18 percent. Perpetrators have benefited from ongoing increases in network speeds and the growing complexity of IT infrastructure, both of which have made it much easier to generate massive amounts of fraudulent traffic.
The resulting server and equipment failures have footed IT departments with some steep bills. Outages caused by DDoS attacks typically ran $822,000 apiece, far outpacing the $380,000 price tag for incidents attributable to human error. Equipment issues were the most expensive cause, with each event costing slightly under $1 million.
While the length of data center outage has gone down over the past few years, related expenses have risen. The average 2013 incident lasted 86 minutes, but cost $690,204, or 37 percent more than in 2010.
Credit unions have felt the impact of more frequent DDoS attacks
The rise of DDoS attacks has affected IT operations at credit unions, which were targeted by several prominent campaigns in 2013. A $4 billion credit union in Pleasanton, Calif., and a $1.6 billion one in Austin, Texas, had online services knocked out for hours at a time in the wake of DDoS attacks.
More specifically, cybercriminals have honed tactics that put financial institution computers through the motions until they become exhausted. For example, a DDoS attack may ask a site for password resets on thousands of spurious accounts, forcing the system to go through each request. Some DDoS incidents may be distractions that facilitate wire theft, but others are politically motivated.
Credit unions may need better preparation against DDoS risk, especially since some simply rely on online banking providers or ISPs to protect data. Restore on reboot software can be easily deployed by IT administrators as part of an imaging solution, and it provides fine-tuned management of all office endpoints. Organizations can ensure that kiosks and cash dispensing services remain active even in the event of a crash or attack.