Businesses Unprepared for DNS Reflection Threat, Despite Biggest Attack in History

Research reveals lack of understanding of modern threats and lack of confidence in how well businesses are protected

LONDON—F5 Networks, Inc. (NASDAQ: FFIV) today announced the findings of its 2013 Infosecurity survey, which revealed that many organisations are struggling to keep pace with the changing face of security threats. Respondents at the Infosecurity Europe 2013 event in London this week admitted to a lack of understanding around DNS reflection attacks, despite the event coming just weeks after the largest attack of its kind. Only 10 per cent of the security professionals surveyed believe they could describe accurately how reflection attacks work, and only 11 per cent would be completely confident that the day-to-day operations of their business would not be disrupted, should they be hit by such an attack.

Many respondents reported feeling vulnerable due to the host of modern threats from cyber criminals, hacktivists and hackers. 87 per cent claimed that it is more difficult than ever to secure their business from the threat of cyber attacks, with almost one in four citing the BYOD trend as the major factor in why their organisation is more vulnerable. Others referenced the increasing complexity of threats (20 per cent) and the change in the ‘bad guys’ from hackers to those more focused on espionage and political motivation (14 per cent) as the number one factor in increasing the difficulty in protecting businesses from these types of attacks.

The research also revealed other concerns around protecting infrastructure and applications.  83 per cent of respondents revealed they are less than fully confident that their organisation has consistent security and availability policies across their entire IT infrastructure, and 85 per cent acknowledge the risk of wiping personal as well as company data when safeguarding a corporate mobile device following a theft.

“Both the scale and the method of the Spamhaus attacks should have acted as a wake-up call, but the research suggests that many security professionals would still struggle to deal effectively with the new breed of DDoS attacks, and fear the potential impact on their organisation,” commented Joakim Sundberg, Worldwide Security Solution Architect, F5.

Sundberg continued: “As organisations continue to move their applications to the cloud as a way to increase infrastructure agility and reduce costs, it’s vital that they close off any back doors to would-be attackers. Conventional firewalls are failing in the face of increasingly complex internet threats; more intelligence has to be built into the corporate network to ensure their security can handle the newest threats. This includes being able to seamlessly configure and automate security to ensure the entire IT environment is protected, regardless of the mix of on-premise, cloud or hybrid infrastructures.”

F5 Networks Infosecurity survey
The F5 Networks 2013 Infosecurity survey is a result of research conducted on the exhibition floor on day one at this week’s Infosecurity Europe 2013 event in London. Conference attendees were asked two initial qualifying questions to promote the validity of the survey results. 120 qualified respondents were then asked a total of ten questions surrounding security trends.

About F5

F5 (NASDAQ: FFIV) makes apps go faster, smarter, and safer for the world’s largest businesses, service providers, governments, and consumer brands. F5 delivers cloud and security solutions that enable organizations to embrace the application infrastructure they choose without sacrificing speed and control. For more information, go to f5.com. You can also follow @f5networks on Twitter or visit us on LinkedIn and Facebook for more information about F5, its partners, and technologies.

F5 is a trademark or service mark of F5 Networks, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.

# # #

This press release may contain forward looking statements relating to future events or future financial performance that involve risks and uncertainties. Such statements can be identified by terminology such as "may," "will," "should," "expects," "plans," "anticipates," "believes," "estimates," "predicts," "potential," or "continue," or the negative of such terms or comparable terms. These statements are only predictions and actual results could differ materially from those anticipated in these statements based upon a number of factors including those identified in the company's filings with the SEC.