Lack of preparation by businesses alarming due to multi-faceted threat landscape
The survey reveals that businesses are running the risk of being exposed by cyber-attacks, with over a third (36 %) of respondents claiming their organisation currently has no response plan in place. In an environment where cyber-attacks are increasingly common place, it is alarming more businesses are not prepared. As revealed by a recent Government report on Information Security Breaches, the average cost of a severe online security breaches for big business now starts at £1.46 million – up from £600,000 in 2014 – a cost which businesses can ill afford.
The F5 survey also highlights the broad nature of the threats security pros are facing. Asked what their top three security concerns were, network attacks (19%), malware (18%) and application data breaches (17%) were all highlighted, with DDoS attacks (16%), cloud-related data breaches (14%) and web fraud attacks (13%) closely behind.
DDoS remains prevalent
DDoS attacks remain common, with 35% believing their business has either definitely or very likely or suffered an attack.
When asked what their primary solution was for a DDoS attacks, respondents listed firewalls (33%) and Web Application Firewalls (WAF) (14%).
According to the survey, some 74% of businesses either use a WAF or plan to in the future.
In terms of types of DDoS attack, respondents listed ‘blended DDoS’ attacks (26%) as the biggest threat followed by ‘application level’ (25%) and ‘volumetric-based’ (19%). Extortion-driven attacks (15%) were scored bottom – surprising considering the increasing number of cyber-ransom style attacks reported in the media.
On-premise v. cloud
The 2016 survey also revealed that hybrid DDoS mitigation (17%) was a more popular solution than an on-premise DDoS mitigation approach (15%). A question specifically about WAF found that 31% opted for on-premise and 19% for cloud-based solutions.
“The results from the Infosecurity survey are concerning on a number of levels. Firstly, considering barely a week goes by without a high profile hack or data leak, it is very surprising that as many as 36 per cent of businesses are yet to put in place a cyber-attack response plan. Considering the increasing volume of attacks that we’re seeing, it is crucial businesses invest in protecting themselves against threats of this kind.”
“Secondly, it is interesting to see that security professionals were unable to name a clear primary threat when asked for their top three security concerns. The fact issues such as network attacks, malware, application breaches, DDoS and cloud-related data breaches all scored within a few percentile points of each other highlights the range of threats out there, and the significant task facing security professionals whose job it is to keep businesses, users and customers safe.”
“It’s essential that businesses look at their entire security profile and work with providers and the market to understand where the most pressing threats are, as well as how to protect against them. The tools to support businesses are available, with options ranging from on premise implementations to as a service delivery models, meaning businesses of all sizes and profiles can ensure they’re protected at every level.”
Gad Elkin, Security Director EMEA, F5
The full results from F5’s Infosecurity survey are available on request.
F5 (NASDAQ: FFIV) makes apps go faster, smarter, and safer for the world’s largest businesses, service providers, governments, and consumer brands. F5 delivers cloud and security solutions that enable organizations to embrace the application infrastructure they choose without sacrificing speed and control. For more information, go to f5.com. You can also follow @f5networks on Twitter or visit us on LinkedIn and Facebook for more information about F5, its partners, and technologies.
F5 is a trademark or service mark of F5 Networks, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.
# # #
This press release may contain forward looking statements relating to future events or future financial performance that involve risks and uncertainties. Such statements can be identified by terminology such as "may," "will," "should," "expects," "plans," "anticipates," "believes," "estimates," "predicts," "potential," or "continue," or the negative of such terms or comparable terms. These statements are only predictions and actual results could differ materially from those anticipated in these statements based upon a number of factors including those identified in the company's filings with the SEC.