Story image

CDNetworks study shows cybersecurity confidence is actually complacency

12 Oct 2017

​A new report has revealed that spending on cybersecurity for DDoS in the UK and DACH has surged sharply in the last 12 months.

CDNetworks released the study conducted by Sapio Research to delve into the current DDoS environment across the UK, Germany, Austria and Switzerland.

The global content delivery network (CDN) and cloud security provider asserts the increased investment has led to widespread confidence amongst IT heads in their DDoS resilience, but this is actually complacency as these same companies also confessed to a high proportion of DDoS attacks being successful in the last 12 months.

According to the research, recent high-profile DDoS attacks have been very effective in driving investment in DDoS mitigation:

  • 49 percent have invested in DDoS mitigation technologies for the first time in the last 24 months
  • Almost two-thirds (64 percent) are likely to invest more next year than in the last 12 months
  • 9 percent will be investing in DDoS mitigation for the first time in the next 12 months
  • The average annual spend is £24,200, with one-fifth of businesses investing more than £40,000.

Seemingly because of this increased investment, 83 percent of businesses described themselves as either ‘confident’ or ‘very confident’ in their current DDoS mitigation setup. This is despite 79 percent describing an attack as being likely or even certain.

A staggering 86 percent of businesses admitted to being victims of a DDoS attack in the last year, while 54 percent have undergone an attack that was able to take their website, network or online app offline.

And while the average business has been attacked six times, one in every 12 has detected more than 50 attacks over the last year alone.

CDNetworks asserts the prevalence of successful attacks can be possibly explained by the simple fact that there are more of them – plus they’re getting bigger and more comprehensive.

According to CDNetwork’s own network monitoring data, the largest detected attack in the first half of 2016 was nearly three times the size of the largest of 2015 – 58.8Gbps versus 21Gbps.

Furthermore this wasn’t a freak occurrence as more than 31 percent of attacks in the first half of 2016 were more than 50Gbps.

“The results are both comforting and worrying. It may have taken high profile attacks on Dyn and the overpowering of the likes of Twitter and CNN to spur businesses into action, but we’re glad that DDoS is now seen as an issue that needs to be addressed,” says Chris Townsley, EMEA Director of CDNetworks.

“However, the size and number of DDoS attacks are also increasing every year, turning DDoS into an arms race. Businesses cannot afford to be complacent or regard DDoS mitigation as a one-off investment as the trend for larger attacks shows the cybercriminals are currently winning the arms race.”

CDNetworks affirms the most common impacts of successful DDoS attacks were loss of commercial opportunity (81 percent could trace this impact directly to a DDoS attack), the cost of remedy and strain on the IT team itself (16 percent for both).

Interestingly, 31 percent (and the largest proportion) believe that rivals are behind at least some of the DDoS attacks they’ve been targeted by – next up was random targeting at 23, hate crime at 22 percent, and blackmail at 21 percent.

Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.
Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.