2018 saw some unique and attention-grabbing data security incidents, such as the largest distributed denial-of-service (DDoS) attack ever recorded, at 1.7Tbps. The General Data Protection Regulation (GDPR) came into effect on May 25, 2018, imposing strict new rules on how personally identifiable information (PII) is collected, processed and controlled. Cryptominers also infiltrated networks looking for a quick score.
We’ve entered a “post-trust” era when organizations and individuals are increasingly wary of accepting promises of security at face value. Every time consumers interact with a brand, they make a judgment about whether they trust a company enough to share their PII. Successful cyberattacks break the trust that companies have worked hard to establish between their brands and customers. Ramifications are no longer the sole responsibility of security professionals; C-suite executives are accountable as well.
The eighth Global Application & Network Security Report combines organic research, real attack data and analyses of developing trends and technologies with the findings from a global industry survey.
Some of the Key Highlights:
Security professionals’ evaluation of a cyber-attack has grown 52% to $1.1M.
The primary goal of cyber-attacks is service disruption, followed by data theft.
To do so, hackers use the right tools: +20% in HTTPS floods, +15% in bursts and DNS attacks, +10% in malware and bots.
In addition, attacks are becoming more frequent (+62% experienced daily attacks) and more efficient (+15% in number of complete outages).
Application security is the top concern for 2019.
Many rely on public cloud providers to secure their digital assets but are concerned with the level of security they actually get.
Speed and security are top drivers to explore machine learning based solutions.
Emerging Attack Vectors
Attackers employ efficient techniques to cause denial of service, such as bursts, amplification, encryption or internet of things (IoT) botnets, and target the application layer to cause more harm.
Application-layer attacks caused the most damage. Two-thirds of respondents experienced application attacks. One-third foresee application vulnerabilities being a big concern in 2019, especially in cloud environments. More than half made changes and updated applications monthly, while the rest made updates more frequently, driving the need for automated security.
Cyberassaults resulting in a complete outage or service disruption grew by 15%, and one in six organizations reported having suffered a 1Tbps attack. Hackers found new tactics to bring down networks and data centers: HTTPS Floods grew 20%, DNS and Burst attacks both grew 15% and bot attacks grew 10%. A third of companies reported suffering attacks for which they could not identify the motive.
CEOs Are the New Trust Officers
Cybersecurity is becoming a very personal topic for executives trusted to lead companies at the highest level. To build and maintain solid relationships with customers, CEOs must take on an additional role as “chief trust officer.” When the years of curating a brand strategy can be obliterated with one cyberattack, assigning security strategy to the chief information security officer (CISO) is no longer enough. There is too much at stake.
Consider the fates of CEOs at companies with high-profile breaches such as Equifax, Yahoo, Moller-Maersk and Anthem Healthcare. All of the work that the organizations put into building their brands’ value evaporated the moment customers lost trust as a result of the attacks.
Before long, the CEOs of most of these companies were “pursuing other interests.” To ensure cybersecurity is an integral part of the companies’ business models, CEOs need to verify efforts and fund protective measures. CEOs who delegate security strategy without oversight do so at their own peril.
Preparing for What’s Next
Businesses indicate that they understand the seriousness of the changing threat landscape and are taking steps to protect their digital assets, but the severity of security threats weighs heavily. Nearly half felt ill-prepared to defend against all types of cyberattacks, despite having security solutions in place.
Eighty-six percent of businesses explored machine-learning and artificial intelligence (AI) solutions in the past 12 months. Almost half said that quicker response times to cyberattacks were the motivation. The report saw a 44% growth in those conducting business over blockchains.
Companies continued to diversify network operations across multiple cloud providers. Two in five organizations use hybrid cybersecurity solutions that combine on-premise and cloud-based protection. Forty-nine percent of organizations in EMEA said that they were not well prepared for GDPR.
The Only Option Is Success
The cost of cyberattacks is simply too great to not succeed in mitigating every threat, every time. Customer trust is obliterated in moments, and the impact is significant on brand reputation and costs to win back business. The GDPR and other government regulations have the capacity to bankrupt businesses that do not comply.
It is critical for organizations to incorporate cybersecurity into their long-term growth plans. Securing digital assets can no longer be delegated solely to the IT department. Rather, security planning needs to be infused into new product and service offerings, security, development plans and new business initiatives. The CEO and executive team need to lead the way in setting the tone and investing in securing their customers’ experience.