Large DDoS attacks over 50 Gbps have quadrupled between 2015 and 2017

Organizations are experiencing an increase in the magnitude of DDoS attacks, with the average size of attacks over 50 Gbps quadrupling in just two years, according to A10 Networks.

Growth of DDoS attacks

Large DDoS attacks

The study also found the gargantuan 1 Tbps attacks that started last year with the Mirai botnet have begun to leave their mark, with 42% of organizations reporting an average size of DDoS attacks greater than 50 Gbps, a significant increase from 2015, when only 10% of attacks were above that size.

Multi-vector DDoS attacks continue to increase and assault networks and applications at a rapid pace, according to the report, which found the percentage of organizations that experienced between 6 to 25 attacks per year has increased from 14% in 2015 to 57% in 2017.

Network layer still the primary target

Even as DDoS attacks are increasingly impacting other areas of the stack such as the application layer, attacks at the network layer are still the most prevalent, with 29% of respondents encountering attacks at the network level.

Downtime is down

However, DDoS solutions are rising to the challenge, with improved attack mitigation and remediation solutions shrinking the amount of downtime. As DDoS attacks take place, the downtime for organizations has shifted from increments of days to hours. The survey found that in 2017, only 15% of attacks resulted in greater than 25 hours of downtime, compared to 29% in 2015.

Multi-vector DDoS attack breakdown

Large DDoS attacks

DDoS prevention budgets increasing

A significant proportion of organizations are looking to increase their budget allocations for preventative DDoS solutions. 74% of respondents say their DDoS budgets are increasing, compared to 54% two years ago. The amount of overall budgets has also risen, from 22% to 29%.

Breadth of IT professionals expanding to address DDoS prevention

While IT security teams still top the list in terms of primary responsibility for preventing DDoS attacks, other roles have increased in importance since 2015. A more experienced and wider array of IT professionals are becoming involved in DDoS prevention efforts, such as network administrators, security architects and network architects have increased in importance, indicating an increase in skills and experience across disciplines.