Part 1: The True cost of DDoS

  • Fabian Sinner
  • May 2, 2023

    Denial of Service attacks are an unfortunate reality everyone on the internet is faced with. And for whatever reason, it is a topic that victims are reluctant to discuss openly. So when an attack does occur, many organizations are unfortunately underprepared.

    The costs of a DDoS attack are manifold

    When calculating the cost of a denial of service attack, there are several factors that are easy to assign a monetary value to, such as:

    • the lost revenue / income per hour that is not being generated while online activities are disrupted.
    • the fixed costs / overhead that still accrue.
    • wages / salary of staff at all levels of the organization (not just IT) that will be focusing on the DDoS attack instead of their regular duties.
    • consultants and/or services contracted to restore connectivity and recover from the attack.

    But there are many hidden costs from a DDoS attack that can have long-lasting effects and are often overlooked…

    Further costs arise where they are not expected

    The IT team will be the most obvious to suffer costs once the attack begins. An IT department can measure potential defensive success with a number of metrics, such as how quickly, effectively or accurately the attack was repelled and/or cleaned up; these metrics typically reflect speed and/or accuracy.

    For example:

    • system availability / uptime
    • project completion deadlines
    • ticket queue size
    • average time a ticket is open

    An ongoing attack will inflate the ticket queues with device warnings, user complaints, and related incident reports, while at the same time preempting IT personnel from their normal duties as they deal with the attack.

    Once the attack has concluded, IT cannot immediately resume business as normal; it may take days or even weeks for systems to return to pre-attack productivity. Every system has only a finite amount of tolerance to disruption.

    Once an attack exceeds this tolerance, many systems won't return to normal operation without further intervention from IT, even after the attack has stopped. Furthermore, even after normal operations are restored, the attack will have polluted systems with invalid traffic / requests: the invalid data will have to be groomed, deleted or ignored, at a cost of man-hours, opportunity or integrity.

    Highly recommended: Post-mortem analysis

    After all systems have returned to normal operation, the IT department still has tasks to complete. Following the attack, a post-mortem investigation should be conducted to ensure there were no secondary incidents, like a data breach or a malware infection, for which the attack was just a distraction.

    Another outcome of the post-mortem will be upgrades and changes to systems and processes based on the lessons learned during the attack and subsequent cleanup. These tasks can further occupy IT resources for months following the attack.

    Time plays an essential role in a DDoS attack

    The common factor in all these negative outcomes is time. The longer an attack persists, the greater the disruption to business, and the more systems will exceed critical thresholds. And the longer systems are down, the larger the backlog of work that needs to be caught up.

    While DDoS attacks are certain, their outcome will depend on how prepared you are. When selecting a DDoS protection response, time to resolution is key. Avoiding these negative outcomes requires always-on / persistent protection with minimum mean time to mitigation.

    You can learn more about the DDoS attack cost trap here on the Link11 blog shortly. If you need support until then, feel free to contact our experts at any time.