F5 Infosec survey reveals over a third of organisations are yet to develop a cyber-attack response plan
F5 Infosec survey reveals over a third of organisations are yet to develop a cyber-attack response plan
F5 Networks has announced the findings of a survey into current concerns in the security community, conducted at the Infosecurity Europe 2016 show in London.
The survey reveals that businesses are running the risk of being exposed by cyber-attacks, with over a third (36 percent) of respondents claiming their organisation currently has no response plan in place. In an environment where cyber-attacks are increasingly commonplace, it is alarming that more businesses are not prepared. As revealed by a recent government report on Information Security Breaches, the average cost of a severe online security breach for big business now starts at £1.46 million – up from £600,000 in 2014 – a cost which businesses can ill afford.
The F5 survey also highlights the broad nature of the threats security pros are facing. Asked what their top three security concerns were, network attacks (19 percent), malware (18 percent) and application data breaches (17 percent) were all highlighted, with DDoS attacks (16 percent), cloud-related data breaches (14 percent) and web fraud attacks (13 percent) following closely behind.
DDoS remains prevalent
DDoS attacks remain common with 35 percent believing their business has either definitely or very likely or suffered an attack.
When asked what their primary solution was for a DDoS attacks, respondents listed firewalls (33 percent) and Web Application Firewalls (WAF) (14 percent).
According to the survey, some 74 percent of businesses either use a WAF or plan to in the future.
In terms of types of DDoS attack, respondents listed ‘blended DDoS' attacks (26 percent) as the biggest threat followed by ‘application level' (25 percent) and ‘volumetric-based' (19 percent). Extortion-driven attacks (15 percent) were scored bottom – surprising considering the increasing number of cyber-ransom style attacks reported in the media.
On-premise versus cloud
The 2016 survey also revealed that hybrid DDoS mitigation (17 percent) was a more popular solution than an on-premise DDoS mitigation approach (15 percent). A question specifically about WAF found that 31 percent opted for on-premise and 19 percent for cloud-based solutions.
"The results from the Infosecurity survey are concerning on a number of levels. Firstly, considering barely a week goes by without a high profile hack or data leak, it is very surprising that as many as 36 per cent of businesses are yet to put in place a cyber-attack response plan. And with the increasing volume of attacks that we're seeing, it is crucial businesses invest in protecting themselves against threats of this kind," says Gad Elkin, Security Director EMEA at F5.
"Secondly, it is interesting to see that security professionals were unable to name a clear primary threat when asked for their top three security concerns. The fact issues such as network attacks, malware, application breaches, DDoS and cloud-related data breaches all scored within a few percentile points of each other highlights the range of threats out there, and the significant task facing security professionals whose job it is to keep businesses, users and customers safe."
Anton Jacobsz, MD at Networks Unlimited, the value added distributor of F5 products in more than 20 African countries, adds: "These findings also highlight the need for businesses operating on the continent to take a serious look at their holistic security profile. No matter what size of business you have or industry you operate in, the right security tools for protection are available to all, as well as the skills and knowledge of today's most pressing threats."
F5's digital experiences research surveyed 274 adults at the Infosecurity Europe 2016 event in London aged 18+ from 7 – 8 June 2016. The full report is available from F5. For more information, please contact Alexa Gerber, F5 product manager at Networks Unlimited: alexa.gerber@nu.co.za