Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

12/12/2014
09:22 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Cyberattacks Longer, More Continuous Than Before

A surprisingly large number of organizations experienced cyberattacks lasting more than one month, a new survey found.

Companies hit with cyberattacks this year spent a longer time on average mitigating the threat than at any time previously, highlighting the growing sophistication and complexity of the threat landscape.

Some 19% of 340 technology executives surveyed by security vendor Radware Inc. earlier this year described attacks against their companies as “constant,” with about 15% saying the attacks lasted more than one month.

This marks the first time in the four years that Radware has done the survey where so many respondents reported experiencing month-long attacks. “This trend challenges the traditional concept of incident response, which assumes a normal state without attacks,” Radware said in its “Global Application & Network Security Report.”

Enterprises appeared more or less equally worried about a wide range of security threats, including phishing, fraud, IP theft, and worm and virus damage. Somewhat surprisingly though, distributed denial of service attacks (DDoS) topped the list of threats that IT managers were most concerned about this year, followed by advanced persistent threats, according to the Radware survey.

Concerns about the ability of companies to defend against cyberthreats are running high as the result of a seemingly never-ending string of high-profile data breaches this year.

The massive -- and still unfolding -- intrusion at Sony Pictures has capped what has been one of the worst-ever years for data breaches in recent memory. Since the breach at Target last year that exposed data on some 40 million credit and debit cards, others that have disclosed major network compromises include Home Depot, JPMorgan Chase, Supervalu, UPS Stores Inc., and Dairy Queen. In almost all these incidents, the intruders managed to remain undetected for weeks, and sometimes even months after gaining initial access into company networks.

“2014 was a watershed year for the security industry,” Radware noted. “Cyber-attacks reached a tipping point in terms of quantity, length, complexity and targets.”

Radware’s survey and those by others in recent weeks show that companies have become more aware of the risks they face and are moving to address them. Even so, some troubling gaps remain.

Radware, for instance, found that less than half the companies surveyed were equipped to fight off cyberattacks for any sustained period of time. In fact, 52% said they would be able to fight off a sustained attack on their network for a day at most. Nearly 50% of those surveyed identified reputation loss as their biggest concern, followed by revenue loss, and then service disruptions.

Another survey conducted by the Ponemon Institute on behalf of Experian showed that, while many companies have made some positive changes on the security front, their governance and overall data-breach preparedness continue to lag. Companies continued to have trouble in areas like data-breach response, risk assessments, network anomaly detection, and continuous network monitoring.

For instance, about 73% of the 567 IT executives surveyed by Ponemon said their companies had implemented a data-breach response plan. However, only about 30% felt the plan was “effective” or “very effective” while 30% felt exactly the opposite way.

Among the issues identified as hindering their breach response were a lack of visibility into end-user access to critical data and systems, the continuing proliferation of mobile devices and cloud services, and third-party access to corporate data.

Somewhat encouragingly, though, companies appear to be willing to invest more in shoring up security. The Radware survey showed that, while many companies still have a hard time figuring out how much they need to spend on security, nearly half said they had invested in new or specialized technologies to deal with cyberthreats. At many companies, security has become a CEO and board-level issue.

“Research confirms that the motives, means and effectiveness of security attacks are on the rise,” Radware said in its report. “[The trend] highlights the need for greater agility to quickly adapt to evolving threats.”

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
mwallsedgewave
50%
50%
mwallsedgewave,
User Rank: Author
1/7/2015 | 4:50:53 PM
Good Points!
Good material!
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
12/15/2014 | 12:37:19 AM
CISO research by Ponemon
It's also worth pointing out that other research by Ponemon the past couple of years has indicated that getting a CISO immedaitely involved to deal with the fallout of a breach can significantly reduce the ultimate financial cost of the breach.
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Breaches Are Inevitable, So Embrace the Chaos
Ariel Zeitlin, Chief Technology Officer & Co-Founder, Guardicore,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19010
PUBLISHED: 2019-11-16
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.
CVE-2019-16761
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the [email protected] npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions >1.0...
CVE-2019-16762
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any...
CVE-2019-13581
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary ...
CVE-2019-13582
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution.