2018 saw some unique and attention-grabbing data security events: the largest distributed denial-of-service (DDoS) attack ever recorded, at 1.7Tbps; the General Data Protection Regulation (GDPR), which came into effect on May 25, 2018, imposing strict new rules on how personally identifiable information (PII) is collected, processed and controlled; and, not to be missed, cryptominers infiltrating networks looking for a quick score.
We’ve entered a “post-trust” era when organizations and individuals are increasingly wary of accepting promises of security at face value. Every time consumers interact with a brand, they make a judgment about whether they trust a company enough to share their PII. Successful cyberattacks break the trust that companies have worked hard to establish between their brands and customers. Ramifications are no longer the sole responsibility of security professionals; C-suite executives are accountable as well.
The eighth Global Application & Network Security Report by Radware combines organic research, real attack data and analyses of developing trends and technologies with the findings from a global industry survey.
Some of the Key Highlights:
- Security professionals’ estimate of the cost of a cyber-attack has grown 52% to $1.1M
- Primary goal for cyber-attacks is service disruption, followed by data theft
- To do so, hackers use the right tools: +20% in HTTPS floods, +15% in bursts and DNS attacks, +10% in malware and bots
- In addition, attacks are becoming more frequent (+62% experienced daily attacks) and more efficient (+15% in number of complete outages)
- Application security is the top concern for 2019
- Many rely on public cloud providers to secure their digital assets but are concerned with the level of security they actually get
- Speed and security are top drivers to explore machine learning based solutions
Emerging Attack Vectors
Attackers employ efficient techniques to cause denial of service, such as bursts, amplification, encryption or internet of things (IoT) botnets, and target the application layer to cause more harm.
Application-layer attacks caused the most damage. Two-thirds of respondents experienced application attacks. One-third foresee application vulnerabilities being a big concern in 2019, especially in cloud environments. More than half made changes and updated applications monthly, while the rest made updates more frequently, driving the need for automated security.
Cyberassaults resulting in a complete outage or service disruption grew by 15%, and one in six organizations reported having suffered a 1Tbps attack. Hackers found new tactics to bring down networks and data centers: HTTPS Floods grew 20%, DNS and Burst attacks both grew 15% and bot attacks grew 10%. A third of companies reported suffering attacks for which they could not identify the motive.
CEOs Are the New Trust Officers
Cybersecurity is becoming a very personal topic for executives trusted to lead companies at the highest level. To build and maintain solid relationships with customers, CEOs must take on an additional role as “chief trust officer.” When the years of curating a brand strategy can be obliterated with one cyberattack, assigning security strategy to the chief information security officer (CISO) is no longer enough. There is too much at stake.
Consider the fates of CEOs at companies with high-profile breaches such as Equifax, Yahoo, Moller-Maersk and Anthem Healthcare. All of the work that the organizations put into building their brands’ value evaporated the moment customers lost trust as a result of the attacks.
Before long, the CEOs of most of these companies were “pursuing other interests.” To ensure cybersecurity is an integral part of the companies’ business models, CEOs need to verify efforts and fund protective measures. CEOs who delegate security strategy without oversight do so at their own peril.
Preparing for What’s Next
Businesses indicate that they understand the seriousness of the changing threat landscape and are taking steps to protect their digital assets, but the severity of security threats weighs heavy. Nearly half felt ill-prepared to defend against all types of cyberattacks, despite having security solutions in place.
Eighty-six percent of businesses explored machine-learning and artificial intelligence (AI) solutions in the past 12 months. Almost half said that quicker response times to cyberattacks were the motivation. The report saw a 44% growth in those conducting business over blockchains.
Companies continued to diversify network operations across multiple cloud providers. Two in five organizations use hybrid cybersecurity solutions that combine on-premise and cloud-based protection. Forty-nine percent of organizations in EMEA said that they were not well prepared for GDPR.
The Only Option Is Success
The cost of cyberattacks is simply too great to not succeed in mitigating every threat, every time. Customer trust is obliterated in moments, and the impact is significant on brand reputation and costs to win back business. The GDPR and other government regulations have the capacity to bankrupt businesses that do not comply.
It is critical for organizations to incorporate cybersecurity into their long-term growth plans. Securing digital assets can no longer be delegated solely to the IT department. Rather, security planning needs to be infused into new product and service offerings, security, development plans and new business initiatives. The CEO and executive team need to lead the way in setting the tone and investing in securing their customers’ experience.