Over a third organisations have no cyber response plan
F5 Networks announced the findings of a survey into current concerns in the security community. The survey reveals that businesses are running the risk of being exposed by cyber attacks, with over a third of respondents claiming their organisation currently has no response plan in place. In an environment where cyber attacks are increasingly common place, it is alarming more businesses are not prepared.
As revealed by a recent government report on information security breaches, the average cost of a severe online security breach for big business now starts at £1.46 million, up from £600,000 in 2014, a cost which businesses can ill afford.
The F5 survey also highlights the broad nature of the threats security pros are facing. Asked what their top three security concerns were, network attacks, malware and application data breaches were all highlighted, with DDoS attacks, cloud related data breaches and web fraud attacks closely behind.
DDoS attacks remain common, with 35% believing their business has either definitely or very likely suffered an attack. When asked what their primary solution was for a DDoS attacks, respondents listed firewalls, hybrid mitigation and web application firewalls as the top three. According to the survey, web application firewall is an integral part of a company’s general security infrastructure, some 74% of businesses either use a web application firewall or plan to in the future.
In terms of types of DDoS attack, respondents listed blended DDoS attacks as the biggest threat followed by application level and volumetric based. Extortion-driven attacks were scored bottom, surprising considering the increasing number of cyber ransom style attacks reported in the media.
The 2016 survey also revealed that hybrid DDoS mitigation was a more popular solution than an on-premise DDoS mitigation approach. A question specifically about web application firewalls found that 31% opted for on-premise and 19% for cloud based solutions.
“The results from the info security survey are concerning on a number of levels. Firstly, considering barely a week goes by without a high profile hack or data leak, it is very surprising that as many as 36% of businesses are yet to put in place a cyber attack response plan. Considering the increasing volume of attacks that we are seeing, it is crucial businesses invest in protecting themselves against threats of this kind.”
“Secondly, it is interesting to see that security professionals were unable to name a clear primary threat when asked for their top three security concerns. The fact issues such as network attacks, malware, application breaches, DDoS and cloud related data breaches all scored within a few percentile points of each other highlights the range of threats out there, and the significant task facing security professionals whose job it is to keep businesses, users and customers safe,” said Gad Elkin, Security Director EMEA, F5 Networks.