Breaking It Down: A Detailed Look At The Costs and Consequences Of A DDoS Attack
It isn’t uncommon to find yourself wondering why, exactly, something costs as much as it does. Standing in the racks of a clothing store, looking over a restaurant menu, sneaking a bottle of wine back onto a shelf while grabbing a different one you hope the recipient isn’t familiar with. Yes, the world is full of mysteriously high price tags.
For many, the astronomical costs associated with DDoS attacks might just fall into this category. How can an attack that causes downtime potentially come with five or even six-figure damage totals? Let’s take a look at what a DDoS attack truly does to an enterprise to illuminate just how all that cash can go flying out the door.
How it all begins
A distributed denial of service or DDoS attack starts with an attacker using malware to infect devices, enabling him or her to control them remotely en masse. This is called a botnet. With this botnet, an attacker can use a huge pool of computing resources to wallop a victim website or online service with illegitimate traffic, overwhelming the network or consuming server-side resources. As mentioned above, the end result of a successful DDoS attack – the main one, at least – is downtime.
When it comes to DDoS consequences and their associated costs, it all begins as soon as a website goes down or becomes unusable due to degraded performance. The initial hurt comes from customers being unable to access the website or service. This is an immediate loss of direct revenue as customers turn to competing companies, or indirect revenue that would have been generated by traffic.
The next associated cost begins when customers who cannot access the service or information they need due to the downtime wonder why they can’t access the service or information they need. What they often do is turn to customer service for the answer, bogging down phone, email and social media lines of communication and occupying employees who would otherwise be focused on sales or other essential revenue-generating operations. Further business operations may also be impacted if back office networks or systems are affected. With a far-reaching attack, business may come to a stand-still. The man hours lost in a DDoS attack are immense.
Add IT professionals to the list of employees who will be completely taken away from their normal tasks due to a DDoS attack as they struggle to stop the attack and then deal with the aftereffects. Just because the onslaught of traffic has ended doesn’t mean the impact of an attack is over. Servers, networks and applications still need to be brought back online, data may need to be restored, and in some cases hardware and software may even require repair or replacement. DDoS attacks can often be accompanied by data theft or other malicious intrusions, which greatly complicates recovery.
The whopping numbers you usually see attached to DDoS attacks, such as $20,000 to $100,00 per hour, stem from the immediately quantifiable costs of actually having the attack mitigated and getting everything back up and running. Recovering from even a short attack can take hours or days.
Stunning as those numbers cited above may be, they don’t include what may end up being the biggest cost associated with a successful DDoS attack on an enterprise: reputation damage. Customers who are unable to access a website or service they want – which they may pay for – will be frustrated, often frustrated enough to not only abandon a company but also complain over social media and draw attention to the company’s security issues. This is how a DDoS attack can affect both customer retention and customer acquisition, with the initial attack causing ripple effects that can hurt a business for months or even years afterwards.
These effects are made all the worse by media attention, which attacks on enterprises often garner.
Dollars and sense
The breakdown of the costs of a DDoS attack on an enterprise go to show that just because a cost is absurd doesn’t mean it can’t make total sense. Total horrible sense. So, while you still may not know why leather sweatpants 1) exist and 2) cost over $1,200 or how a glass of something you’re going to down in three minutes at a theme party could justify an extra $18 per bottle, you now know why professional DDoS mitigation is a necessity, not an option for businesses.