As cybersecurity architects, we see an unsettling trend unfolding before our eyes, Distributed Denial of Service (DDoS) attacks are scaling to levels that were once considered impossible. What was once a rare event worthy of headlines has become a recurring reality — and the velocity of growth is nothing short of alarming. For those of us working closely with customers and the broader ecosystem, it is critical we acknowledge this shift and help organizations understand that DDoS is not a “background noise” risk. It is a clear and present threat to availability, trust, and business continuity.

The Ridiculous Growth in Numbers

Let’s look at the data to put this in perspective:

  • In 2021, Microsoft reported mitigating an attack at 3.47 Tbps — a milestone at the time.
  • By late 2024, Cloudflare was already handling floods around 5.6 Tbps.
  • In Q1 2025, Cloudflare disclosed blocking 20.5 million DDoS attacks in a single quarter — representing a 358% year-on-year increase.
  • By mid-2025, we saw peak floods at 7.3 Tbps.
  • Just months later, in September 2025, Cloudflare defended an 11.5 Tbps attack delivering 5.1 billion packets per second.
  • And now, reports suggest a staggering 22.2 Tbps attack, the largest ever documented.

The growth curve is not just linear — it’s exponential. These figures are not hypothetical or lab simulations. They are real-world events impacting live services.


Why This Matters

Many organizations still treat DDoS as an afterthought — something that only “large targets” need to worry about. This perception is dangerously outdated.

The reality is that:

  • Attack capacity far exceeds standard enterprise connectivity. Most corporate internet uplinks sit in the hundreds of Mbps or single-digit Gbps. A multi-Tbps flood will saturate those links instantly.
  • Attacks are short and sharp. Modern DDoS floods often last 30–60 seconds, designed to overwhelm services before human intervention is even possible.
  • Scale is accessible to attackers. With the availability of DDoS-as-a-service and amplification techniques, adversaries no longer need state-sponsored budgets to launch devastating floods.

From a business perspective, the cost of downtime is often measured in millions per hour when customer-facing services are impacted. For some sectors — financial services, healthcare, critical infrastructure — the consequences extend beyond revenue to reputational damage and even public safety.

The Key Question

So we must ask ourselves, and our partners: Are you still assigning direct public IP addresses to VMs or web applications without proper DDoS protection in place?

If the answer is yes, then your services remain an exposed target in a world where Tbps-scale floods are happening with increasing frequency.


Our Responsibility as a Community

As architects, advisors, and trusted partners, it’s our duty to ensure that organizations don’t underestimate DDoS as “noise traffic.” We need to emphasize that cyber resilience is not optional. Availability must be designed in from the start. For us at Dicker Data, working closely with Microsoft and our ecosystem of partners, this is about more than technology — it’s about trust and continuity. When services stay online, customers can focus on their core differentiation, pursue digital transformation, and confidently adopt advanced technologies such as AI and analytics.

But all of that collapses if the foundation — availability — is not secured.

 

Final Thoughts
The escalation of DDoS is not a distant threat. It is unfolding here and now, in our own backyard. The numbers are ridiculous, the scale is unprecedented, and the attacks will only continue to grow. To our valued partners: be mindful, be proactive, and do not ignore the risk of DDoS. The question is not if your service will be tested, but when — and whether you are prepared to withstand it.