Denial of service: Coming to an office near you?

An increasing number of smaller companies are being targeted by denial of service attacks, showing it's not just large corporates or those who offer a tempting target to extortionists who are at risk from this type of attack.

Last year the problem of DoS attacks was most closely associated with online bookmakers threatened with site-crippling levels of traffic in the build-up to potentially lucrative sporting events if a ransom wasn't paid.

But according to one email security company, these kinds of attacks are now so commonplace and easy to launch that they are becoming an issue for firms of all sizes.

Neil Hammerton, managing director of Email Systems, believes an attack targeted at one of his company's customers in the past month highlights the growing need for companies to move across to a managed security services provider (MSSP).

A customer in the engineering sector was subjected to a denial of service attack which launched 12 million emails during January. Of those only 54,000 emails – or less than 0.5 per cent of total email traffic - were legitimate.

While in-house filtering at the gateway or the desktop may have proved effective for many companies to date, those faced with this level of attack will inevitably start questioning the logic of even bringing that traffic in-house before filtering can commence.

"That attack would have rendered the domain useless without the provision of an email management service," said Hammerton.

And the analysts appear to agree.

Gartner has long been predicting a concerted move to MSSPs and expects to see 60 per cent of companies outsourcing their security by the end of 2005.

According to a report from Carnegie Mellon University's Computer Emergency Response Team (CERT) the managed services model offers more cost-effective and robust security than companies can manage in-house for combating specific problems such as DoS attacks and the general bandwidth drain associated with spam and viruses.