Last month, we took a look at how the transformation of businesses of all sizes and in nearly all industries towards online operations has driven efficiency, responsiveness and profitability, while also exposing these businesses to new risks from cyber-security threats.
With the myriad threats that target online businesses, it is fair to say that there is no silver bullet security solution. Through providing protection of critical applications and services for some of the world’s best known online businesses, Radware has developed a highly relevant view on what threats pose the greatest risk, and what strategies for protection prove most successful. With these lessons in mind, we have prepared a checklist, of sorts, for security organizations looking to secure online transactions and service delivery.
Although far from comprehensive for a full security strategy, here are some critical elements that can help address the threats becoming more commonplace for online businesses.
1. Protect against availability attacks
Given the clear and significant correlation between downtime and loss of revenue, avoiding outage resulting from availability attacks should be at the top of the list for any online business. With a wealth of sensitive data such as credit card numbers, it’s not uncommon for online businesses to be overly focused on data confidentiality and integrity. This is especially true for organizations that allow security compliance initiatives to dictate priorities. But with the growth in frequency and severity of DDoS attacks, proactive protection is a must.
2. Prepare for encrypted attacks
Attacks leveraging encrypted traffic as an attack vector are on the rise, further challenging many of the cyber-threat solutions currently in place. Most cyber-attack mitigation technologies do not actually inspect SSL traffic, as it requires decrypting the encrypted traffic. According to Radware’s 2014-2015 Global Network and Application Security Report, as much as 25% of attack activity today is using SSL-based attack vectors. Organizations should ensure they can address the needs of high capacity mitigation, support all common versions of SSL and TLS, and can isolate suspicious encrypted traffic using behavioral analysis to limit legitimate user impact.
3. Protect assets behind a CDN
It is common for online businesses to leverage Content Delivery Networks (CDN) to enhance web application performance. However, CDNs can also be exploited by attackers to launch, and even amplify attacks. Dynamic content attacks exploit CDN-based protection by overloading origin servers with requests for non-cached content that the CDN nodes simply pass along. When leveraging CDNs, teams should look carefully at the need for dedicated security protections to sit in front of origin servers.
4. Implement IP-agnostic protection
Malicious actors have made an art form out of spoofing IP addresses to not only obfuscate their identity but possibly masquerading as seemingly legitimate users based on geo-location or positive reputational information about IP addresses they are able to compromise. Organizations should look for solutions that use device fingerprinting technology that employs various tools and methodologies to gather IP-agnostic information about the source.
5. Have a strategy for responding to ransom attacks
Based on the 2015-2016 Radware Global Network and Application Security Report, there has been a 50% increase in ransom as a motivation for attackers. This increase grew from 16% in 2014 to 25% in 2015. Online businesses make good targets for those looking to gain financially from attack, given the knowledge that the immediate revenue impact from an attack may spur these businesses to quickly pay the ransom. However, experience has shown that paying the ransom often leads to prolonged or repeat attacks. A better strategy is to turn the economic tables on attackers by making the business a more difficult target through strong security posture. Most important is that businesses proactively have a plan in place as reactively implementing a plan tends to be costly and less effective.
6. Consider the CAPEX and OPEC costs to processing unwanted traffic
As cyber threats continue to grow in size, complexity and duration, not only do they pose risks associated with data confidentiality, transactional integrity and platform availability, but also simply the costs that go into processing all of the unwanted data. Processing bad traffic into its data centers results in significant costs to any online business. Conversely, dropping malicious activity at the perimeter allows online businesses to avoid unnecessary operational and capital costs on overbuilt infrastructure.
In reality, this list could go on and on . . . a situation all too familiar to the security teams working tirelessly to defend. Consider the above key items for any team looking to factor some of the more virulent and trending threats into their protection strategy.