Complacency about DDoS attacks puts businesses at risk, survey shows
Attention is turning to application data breaches, network attacks and malware, despite 60% of respondents saying they are worried about DDoS attacks, a survey shows
Complacency about distributed denial of service (DDoS) attacks is putting businesses at risk, a survey has revealed.
Investment in specific DDoS protection is relatively low, according to a survey by F5 Networks at Infosecurity Europe 2015 in London.
Attention is turning to application data breaches, network attacks and malware, despite 60% of respondents saying they are worried about DDoS attacks and 39% admitting it is likely their organisation has already been targeted.
Similarly to advanced persistent threats (APTs), many DDoS attacks are starting to be characterised by long durations, repetition and changing attack vectors, according to a recent report by Imperva.
Almost 40% of the organisations questioned are using a firewall to protect against DDoS attacks, with web application firewalls preferred by 26% of respondents, but investment in specific DDoS protection, either on or off premise, scored much lower.
However, firewalls are not sufficient as they often cause bottlenecks and accelerate outages during attacks, according to a report published in March by communications and analysis firm Neustar.
With cyber criminal services available to enable anyone to take down a website using DDoS attacks for just $6 a month, it is clear increasing mitigation capacity alone is not enough, said Neustar senior vice-president and fellow Rodney Joffe.
“We have to become more strategic. The online community needs to develop industry-based mitigation technologies that incorporate mechanisms to distribute attack source information to internet service providers so they can stop attacks closer to the source,” he said.
Gary Newe, technical director of UK, Ireland and Sub-Saharan Africa at F5, said he was surprised DDoS attacks are not among the top three concern for businesses.
“DDoS attacks are still coming thick and fast, with an ever-increasing level of sophistication. Businesses must continue to invest in protecting themselves against attacks of this kind,” he added.
The survey also revealed the evolving technology landscape is making security more challenging, with 76% of respondents stating that with cloud computing and increased use of personal mobile devices for work purposes, the ability to maintain consistent security and availability policies has become more difficult in the past three years.
However, respondents are still looking to innovate and take on board opportunities to drive efficiencies in their business. More than a quarter of respondents are looking to use software defined networking (SDN) technologies in their datacentre in the near future, but 20% believe SDN environments are more vulnerable to attacks. The top three security concerns are bugs and vulnerabilities in the applications (26%), the exploitation of centralised controllers (21%) and the development and deployment of malicious applications on controllers (15%).