Organisations are experiencing an increase in the magnitude of DDoS attacks, with the average size of attacks over 50 Gbps quadrupling in just two years, according to a report released today from A10 Networks.
Conducted in partnership with IDG Connect, the study also found the gargantuan 1 Tbps attacks that started last year with the Mirai botnet have begun to leave their mark, with 42% of organisations reporting an average size of DDoS attacks greater than 50 Gbps, a significant increase from 2015, when only 10% of attacks were above that size.
Multi-vector DDoS attacks continue to increase and assault networks and applications at a rapid pace, according to the report, which found the percentage of organisations that experienced between 6 to 25 attacks per year has increased from 14% in 2015 to 57% in 2017.
Network Layer Still the Primary Target
Even as DDoS attacks are increasingly impacting other areas of the stack such as the application layer, attacks at the network layer are still the most prevalent, with 29% of respondents encountering attacks at the network level.
Downtime is Down
However, DDoS solutions are rising to the challenge, with improved attack mitigation and remediation solutions shrinking the amount of downtime. As DDoS attacks take place, the downtime for organisations has shifted from increments of days to hours. The survey found that in 2017, only 15% of attacks resulted in greater than 25 hours of downtime, compared to 29% in 2015.
DDoS Prevention Budgets Increasing
A significant proportion of organisations are looking to increase their budget allocations for preventative DDoS solutions. 74% of respondents say their DDoS budgets are increasing, compared to 54% two years ago. The amount of overall budgets has also risen, from 22% to 29%.
Breadth of IT Professionals Expanding to Address DDoS Prevention
While IT security teams still top the list in terms of primary responsibility for preventing DDoS attacks, other roles have increased in importance since 2015. A more experienced and wider array of IT professionals are becoming involved in DDoS prevention efforts, such as network administrators, security architects and network architects have increased in importance, indicating an increase in skills and experience across disciplines.