Story image

CDNetworks study shows cybersecurity confidence is actually complacency

12 Oct 2017

​A new report has revealed that spending on cybersecurity for DDoS in the UK and DACH has surged sharply in the last 12 months.

CDNetworks released the study conducted by Sapio Research to delve into the current DDoS environment across the UK, Germany, Austria and Switzerland.

The global content delivery network (CDN) and cloud security provider asserts the increased investment has led to widespread confidence amongst IT heads in their DDoS resilience, but this is actually complacency as these same companies also confessed to a high proportion of DDoS attacks being successful in the last 12 months.

According to the research, recent high-profile DDoS attacks have been very effective in driving investment in DDoS mitigation:

  • 49 percent have invested in DDoS mitigation technologies for the first time in the last 24 months
  • Almost two-thirds (64 percent) are likely to invest more next year than in the last 12 months
  • 9 percent will be investing in DDoS mitigation for the first time in the next 12 months
  • The average annual spend is £24,200, with one-fifth of businesses investing more than £40,000.

Seemingly because of this increased investment, 83 percent of businesses described themselves as either ‘confident’ or ‘very confident’ in their current DDoS mitigation setup. This is despite 79 percent describing an attack as being likely or even certain.

A staggering 86 percent of businesses admitted to being victims of a DDoS attack in the last year, while 54 percent have undergone an attack that was able to take their website, network or online app offline.

And while the average business has been attacked six times, one in every 12 has detected more than 50 attacks over the last year alone.

CDNetworks asserts the prevalence of successful attacks can be possibly explained by the simple fact that there are more of them – plus they’re getting bigger and more comprehensive.

According to CDNetwork’s own network monitoring data, the largest detected attack in the first half of 2016 was nearly three times the size of the largest of 2015 – 58.8Gbps versus 21Gbps.

Furthermore this wasn’t a freak occurrence as more than 31 percent of attacks in the first half of 2016 were more than 50Gbps.

“The results are both comforting and worrying. It may have taken high profile attacks on Dyn and the overpowering of the likes of Twitter and CNN to spur businesses into action, but we’re glad that DDoS is now seen as an issue that needs to be addressed,” says Chris Townsley, EMEA Director of CDNetworks.

“However, the size and number of DDoS attacks are also increasing every year, turning DDoS into an arms race. Businesses cannot afford to be complacent or regard DDoS mitigation as a one-off investment as the trend for larger attacks shows the cybercriminals are currently winning the arms race.”

CDNetworks affirms the most common impacts of successful DDoS attacks were loss of commercial opportunity (81 percent could trace this impact directly to a DDoS attack), the cost of remedy and strain on the IT team itself (16 percent for both).

Interestingly, 31 percent (and the largest proportion) believe that rivals are behind at least some of the DDoS attacks they’ve been targeted by – next up was random targeting at 23, hate crime at 22 percent, and blackmail at 21 percent.

Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Norwegian aluminium manufacturer hit hard by LockerGoga ransomware attack
“IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible.”
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.