Companies should quantify the financial risks of security breaches

Companies should quantify the financial risks of security breaches

When setting up a security budget for tools such as x.509 SSL certificates and other types, such as Thawte and GeoTrust, a white paper by Arbor Networks said eCommerce companies need to plan for the risk of distributed denial of service attacks, which are now a large part of the online security landscape.

"Setting budget priorities for IT security investments is not an exact science," Arbor Networks said in the white paper. "One needs to assess the threat landscape and allocate investments to minimize overall business exposure. Distributed denial of service (DDoS) is a part of the threat landscape. DDoS attacks on data center operations and services have become both highly sophisticated yet easy to perpetrate."

As a result of this, enterprises, providers and cloud services are seeing more DDoS attacks on their data centers, leading to more severe business consequences. If a customer cannot get onto a website due to an attack, they may not trust a company as much. This can cause brand and reputation damage, future business lost and alienated customers.

Another big reason why businesses need to plan security precautions to avoid DDoS attacks is the amount of money lost per hour, as a survey by Arbor said an average of $92,000 is lost every hour a website is down. A graph on the expected loss of money from DDoS shows that companies that experience an attack four times every year can lose as much as $8 million, while a company attacked once every three years loses about $500,000.

A report from eWeek last year showed that a group of German hackers tried to attack SSL certificate servers with a DDoS attack. Companies need to plan for occurrences such as this by making sure their high assurance SSL certificates and website security will be able to withstand any level of attack, especially smaller DDoS attacks that may put a business down for a shorter period of time, a more common attack.