Few organizations are well prepared when it comes to cyber-attacks.
Blending statistical research and front-line experience, and with more than 20 industries represented, Radware’s new 2015-2016 Global Application & Network Security Report reflects this. The report outlines findings and analysis from our 2015 industry survey, reflects our Emergency Response Team’s (ERT) in-the-trenches experiences fighting cyber-attacks, and incorporates the perspectives of two 3rd party service providers.
No One is Immune. Few Are Prepared.
The number of attacks is growing, and so is the sophistication of attackers and the tools at their disposal. Couple this with the complexity of dealing with growing networks, cloud migrations, IoT and other macro IT trends, and organizations today are simply not keeping up. That sentiment echoed across survey respondents, spanning enterprise verticals from financial services and critical infrastructure to cloud services across the globe.
It is clear that no one is immune from attacks. The report shows how attacks target multiple industries, across small and large organizations and across the world. More than 90% of respondents reported experiencing attacks in 2015. That’s a significant number: only one in ten had not experienced any of the attacks covered in the survey.
There isn’t just one area that requires fixing. Gaps in security protections are spread across various areas of the network and organization. One-third of respondents cited a volumetric/pipe saturation weakness, and another quarter cited vulnerability to network and HTTPS/SSL attacks. Overall, weaknesses are spread fairly evenly, suggesting a true protection gap for most organizations today.
Also this year, we’ve included 3rd party viewpoints from both Bell Business Markets and Atos that share with us their perspective of the threat landscape and how organizations can be more prepared.
Shift in Motives and Impact
This year’s report also looks at the shift in attacker motivation and the overall impact on the business. Some interesting trends include the increase in ransom-based attacks and the fact that most organizations still do not know the motivation behind cyber-attacks. Most are in the dark when it comes to “why” they were attacked. The increase in ransom attacks is very apparent in the market and is showcased in the report with the recent attacks on ProtonMail.
The Growing Need for Security Automation
Radware’s ERT report takes a deep dive into the rise in automated attacks and how organizations should be preparing. We cover this in detail in our discussion on Dynamic IP Attacks and the battle between “good” and “bad” bots. These automated attacks are an indication of the rise of advanced persistent denial-of-service (APDoS) attacks. These attacks represent a clear and emerging threat demanding more advanced detection and mitigation and, more often than not, true partnership with DDoS mitigation service providers.
The need for automated, advanced attack detection is further exemplified through the case of a major US-based airline that dealt with the rise in automated attacks and the sophistication of application-layer attacks. This airline battled bad bots that acted as faux buyers, which caused the airline’s inventory to essentially be held hostage. The case demonstrates what the airline did to protect its applications from advanced bots and how website operators need more advanced user and client identification that can detect and block illegitimate users.
What Changed in Security From 2015?
Whether you want to know more about today’s attack vector landscape, understand the business impact of cyber-attacks on organizations, or learn more about emerging attack types and tools, this report is for you. It provides a comprehensive and objective review of 2015 cyber-attacks from both a business and technical perspective.