Story image

CDNetworks study shows cybersecurity confidence is actually complacency

12 Oct 17

​A new report has revealed that spending on cybersecurity for DDoS in the UK and DACH has surged sharply in the last 12 months.

CDNetworks released the study conducted by Sapio Research to delve into the current DDoS environment across the UK, Germany, Austria and Switzerland.

The global content delivery network (CDN) and cloud security provider asserts the increased investment has led to widespread confidence amongst IT heads in their DDoS resilience, but this is actually complacency as these same companies also confessed to a high proportion of DDoS attacks being successful in the last 12 months.

According to the research, recent high-profile DDoS attacks have been very effective in driving investment in DDoS mitigation:

  • 49 percent have invested in DDoS mitigation technologies for the first time in the last 24 months
  • Almost two-thirds (64 percent) are likely to invest more next year than in the last 12 months
  • 9 percent will be investing in DDoS mitigation for the first time in the next 12 months
  • The average annual spend is £24,200, with one-fifth of businesses investing more than £40,000.

Seemingly because of this increased investment, 83 percent of businesses described themselves as either ‘confident’ or ‘very confident’ in their current DDoS mitigation setup. This is despite 79 percent describing an attack as being likely or even certain.

A staggering 86 percent of businesses admitted to being victims of a DDoS attack in the last year, while 54 percent have undergone an attack that was able to take their website, network or online app offline.

And while the average business has been attacked six times, one in every 12 has detected more than 50 attacks over the last year alone.

CDNetworks asserts the prevalence of successful attacks can be possibly explained by the simple fact that there are more of them – plus they’re getting bigger and more comprehensive.

According to CDNetwork’s own network monitoring data, the largest detected attack in the first half of 2016 was nearly three times the size of the largest of 2015 – 58.8Gbps versus 21Gbps.

Furthermore this wasn’t a freak occurrence as more than 31 percent of attacks in the first half of 2016 were more than 50Gbps.

“The results are both comforting and worrying. It may have taken high profile attacks on Dyn and the overpowering of the likes of Twitter and CNN to spur businesses into action, but we’re glad that DDoS is now seen as an issue that needs to be addressed,” says Chris Townsley, EMEA Director of CDNetworks.

“However, the size and number of DDoS attacks are also increasing every year, turning DDoS into an arms race. Businesses cannot afford to be complacent or regard DDoS mitigation as a one-off investment as the trend for larger attacks shows the cybercriminals are currently winning the arms race.”

CDNetworks affirms the most common impacts of successful DDoS attacks were loss of commercial opportunity (81 percent could trace this impact directly to a DDoS attack), the cost of remedy and strain on the IT team itself (16 percent for both).

Interestingly, 31 percent (and the largest proportion) believe that rivals are behind at least some of the DDoS attacks they’ve been targeted by – next up was random targeting at 23, hate crime at 22 percent, and blackmail at 21 percent.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.