DDoS Falls From Priority Lists

The evolving technology landscape is making security more challenging. In a recent survey, three-quarters (76%) of respondents stated that, with the advent of cloud, the rise in off-premise IT and trends such as BYOD, the ability to maintain consistent security and availability policies has become harder in the last three years.

According to a survey from F5 Networks, conducted at Infosecurity Europe 2015 in London, one key finding is that businesses are running the risk of becoming complacent over the threat of DDoS attacks, as their attention turns instead to application data breaches, network attacks and malware. Investment in specific DDoS protection, either on or off premise, is declining.

Despite this, 60% of respondents highlighted that they are worried about DDoS attacks targeting their organization, with 39% revealing that it is likely that their organization has already been targeted. Almost 40% of the organizations questioned are using a firewall to protect against DDoS attacks, with web application firewalls preferred by 26% of respondents.

“The results from the Infosecurity survey are concerning on a number of levels,” said Gary Newe, technical director for the UK, Ireland and Sub-Saharan Africa at F5 Networks. “I’m very surprised to see that DDoS attacks are no longer a top three concern for businesses, as attacks are still coming thick and fast with an ever-increasing level of sophistication. Businesses must continue to invest in protecting themselves against attacks of this kind.”

However, respondents are still looking to innovate and take on board new opportunities to drive efficiencies in their business. More than a quarter of respondents (27%) are looking to use software defined networking (SDN) technologies in their data center in the near future, though 20% believe that SDN environments are more vulnerable to attacks. Specifically, the top three concerns are bugs and vulnerabilities in the applications (26%), the exploitation of centralized controllers (21%) and the development and deployment of malicious applications on controllers (15%).

“Though it’s interesting to see that many organizations are considering implementing SDN technologies, there is clearly still plenty of skepticism,” said Newe. “Further education is certainly required before businesses fully embrace the opportunities for speed and agility afforded by this type of environment.”

When asked about the Internet of Things, respondents highlighted concerns around data loss (26%), security around managing an increasingly complex environment and securing customer data (23%), and the increasing complexities around managing connected devices (21%) as top of their agendas. Only 3% of respondents have no concerns around the Internet of Things, suggesting a need for the government and the broader business community to encourage collaboration, security and education in this space.

The survey also revealed that more than half (52%) of the respondents are concerned about the Investigatory Powers Bill coming into force in the UK, with 32% citing worries around the government having more 'big brother' style powers. Interestingly, given the Infosecurity Europe 2015 community is largely responsible for safeguarding customer data across a range of industries, only 18% of individuals are concerned about government access to personal data and only 13% with corporate data.

“In terms of the broader industry points, it’s not altogether surprising that the security community is concerned about the Internet of Things and the Investigatory Powers Bill,” Newe concluded. “The respondents are at the front line in protecting enterprises against external threats and in modernizing IT infrastructure for an ever more connected world. There is still a great deal of uncertainty in these areas and it will be crucial for the government and business community, including their security teams, to engage in the debates about the rollout of both.”

What’s Hot on Infosecurity Magazine?