Anyone can launch one for as little as the price of a cup of coffee. A few hundred dollars can bring massive networks to their knees, prevent businesses from reaching customers or meeting SLAs (Service Level Agreement), cause devastating financial and reputational damage, and in some cases, force businesses to close their doors.

Measuring risk

How do you determine if you are at risk or, more importantly, willing to take the risk and shoulder the costs?

Cost depends on the target’s business and the level and duration of disruption it suffers. Heavily trafficked sites like gaming, web hosting, and e-commerce sites whose livelihoods depend on availability can potentially lose hundreds of thousands, if not millions of dollars, for every minute of downtime. Schools and first responders have critical civic and community missions to fulfill. If you think about the risk and cost of reputational damage or lost opportunity, that becomes a little harder to measure. Some don’t think about the risk and cost because they don’t believe they fit the profile of a victim. They may be too small or not have a significant online presence. Or they may simply weigh the residual risk of DDoS and rank it lower against stolen credentials and malware.

Even if you are a small business and think you are at a lower risk, you could be in the supply chain for a larger organization. You can be sure that your business partners are watching their threat risk factors and are increasingly concerned about doing business with companies that are not.