Radware Research Finds Data Loss Is Top Cyber-Attack Concern
Radware’s Global Application and Network Security Report 2016-2017 Finds Ransom Was The #1 Motivation Behind Cyber-Attacks, Malware Was the Most Frequent Type of Attack, and IoT Botnets are a Major Concern
Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions ensuring the digital user experience for applications in virtual, cloud, and software-defined data centers, has found that hackers and companies agree on one thing: Data is lucrative. Radware’s Global Application and Network Security Report 2016-2017 revealed that 49% of businesses confirmed being the subject of a cyber-ransom campaign in 2016. What’s more, 27% of IT professionals surveyed chose data leakage or loss as a key concern when faced with a cyber-attack, while only 19% chose service outage, 16% selected reputation loss, and just 9% cited customer or partner loss.
The full report identifies 2016’s major attack trends, outlines industry preparedness, and gives insider views from the front lines to the corner office. Among the biggest trends identified for the current report coverage period:
- 41% reported that ransom was the top motivation behind cyber-attacks they had experienced in 2016, followed by insider threats (27%), political hacktivism (26%), and competition (26%).
- Half of all organizations surveyed had experienced a malware or bot attack in the past year, and 55% said that IoT complicates their detection or mitigation requirements as it increases the surface of the attack landscape.
- Massive DDoS attacks made headlines in 2016, but Radware’s research shows that attacks of more than 50 Gbps made up just 4% of attacks experienced.
- More than 83% of DDoS attacks reported by organizations were under 1 Gbps.
- Big attacks can do a lot of damage: 35% reported impact to their servers, 25% claimed damage to their internet pipe, and 23% said large-scale attacks impacted their firewall. These respondents defined “impact” as 100% exhaustion resulting in total failure.
- Companies are still not prepared to face the threat landscape:
  - 40% of organizations do not have an incident response plan in place;
  - 70% do not have cyber-insurance; and
  - despite the prevalence of ransomware, only 7% keep bitcoins on hand.
“One thing is clear: Money is the top motivator in the threat landscape today,” said Carl Herberger, Vice President of Security Solutions at Radware. “Attackers employ an ever-increasing number of tactics to steal valuable information, from ransom attacks that can lock up a company’s data, to DDoS attacks that act as a smoke screen for information theft, to direct brute force or injection attacks that grant direct access to internal data.
“Our report shows that most organizations are still not prepared to fend off many of the more sophisticated attacks. There is a vast market for mitigating attacks in progress and defending against threats, both new and established, that grow in severity by the day. From our Emergency Response Team to our extensive products and services, Radware stands ready to guard organizations’ data, systems, and customers from harm.”
Key predictions from the report include:
- With the code for the Mirai IoT Botnet now available to the public, novice and sophisticated hackers are already adjusting and “improving” the code’s capabilities based on their needs. In 2017, exponentially more devices are expected to become targeted and enslaved into IoT botnets. IoT device manufacturers will have to face the issue of securing their devices before they are brought to market, as botnet attacks from these devices can generate large-scale attacks that easily exceed 1 Tbps.
- Cyber ransom is the fastest-growing motive and technique in cyber-attacks, as most phishing attempts now deliver ransomware. Today, threat actors focus their ransom attacks to target phones, laptops, company computers, and other devices that are a daily necessity. In the future, they may target lifesaving healthcare devices like defibrillators.
- Rise of Permanent Denial of Service (PDoS) for Data Center and IoT Operations: Also known loosely as “phlashing” in some circles, PDoS is an attack that damages a system so badly that it requires replacement or reinstallation of the hardware itself. While these attacks have been around for a long time, they only appear sporadically. However, they can do a tremendous amount of damage. Radware predicts that more threat actors will target the destruction of devices via PDoS attacks in the coming year.
- Telephony DoS (TDoS) is expected to rise in sophistication and importance, catching many by surprise. Cutting off communications during crisis periods could impede first responders’ situational awareness, exacerbate suffering and pain, and potentially increase loss of life.
- Public transportation held hostage. From trains and planes to buses and automobiles, entire systems of transportation are becoming self-guided. This automation is meant to provide increased safety, improved reliability, and higher efficiencies. Most of this critical infrastructure may be vulnerable to threat actors looking to hijack public transportation or lock the system down with ransomware.
“Threat actors have a single focus, to develop the best tools possible to either disable an organization or steal its data,” said Carl Herberger, Vice President of Security Solutions at Radware. “Businesses focus on delivering the highest value to their customers. In order to deliver that value, security must be woven into the customer experience for a company to truly succeed. Without this change in thinking, organizations will remain vulnerable.”
Radware’s Emergency Response Team (ERT), which actively monitors and mitigates attacks in real-time, creates this annual report for use by the security community. The ERT team compiles this report using a combination of data from a vendor-neutral survey of organizations, Radware’s in-the-trenches experience fighting cyber-attacks, as well as the perspective of third-party service providers. The goal of this report is to provide the industry with insights and best practices to help prepare for 2017’s security landscape.
To download the complete Global Application & Network Security Report 2016-2017, which includes the ERT’s complete predictions and recommendations for how organizations can best prepare for mitigating cyber threats in 2017, please visit https://www.radware.com/ert-report-2016/.
THIS PRESS RELEASE AND THE REPORT ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THESE MATERIALS ARE NOT INTENDED TO BE AN INDICATOR OF RADWARE'S BUSINESS PERFORMANCE OR OPERATING RESULTS FOR ANY PRIOR, CURRENT OR FUTURE PERIOD.
Radware® (NASDAQ: RDWR) is a global leader of application delivery and cyber security solutions for virtual, cloud and software-defined data centers. Its award-winning solutions portfolio delivers service level assurance for business-critical applications, while maximizing IT efficiency. Radware’s solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down. For more information, please visit www.radware.com.
Radware encourages you to join our community and follow us on: Facebook, Google+, LinkedIn, Radware Blog, SlideShare, Twitter, YouTube, Radware Connect app for iPhone® and our security center DDoSWarriors.com that provides a comprehensive analysis on DDoS attack tools, trends and threats.
©2017 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of their respective owners. The Radware products and solutions mentioned in this press release are protected by trademarks, patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
Safe Harbor Statement
This press release may contain statements concerning Radware’s future prospects that are “forward-looking statements” under the Private Securities Litigation Reform Act of 1995. Statements preceded by, followed by, or that otherwise include the words "believes", "expects", "anticipates", "intends", "estimates", "plans", and similar expressions or future or conditional verbs such as "will", "should", "would", "may" and "could" are generally forward-looking in nature and not historical facts. For example, when we say “Key predictions from the report include…”, this is a forward-looking statement. Because such statements deal with future events, they are subject to various risks and uncertainties and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware's current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions and volatility of the market for our products; changes in the competitive landscape; inability to realize our investment objectives; timely availability and customer acceptance of our new and existing products; risks and uncertainties relating to acquisitions; the impact of economic and political uncertainties and weaknesses in various regions of the world, including the commencement or escalation of hostilities or acts of terrorism; Competition in the market for Application Delivery and Network Security solutions and our industry in general is intense; and other factors and risks on which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ.
For a more detailed description of the risks and uncertainties affecting Radware, reference is made to Radware’s Annual Report on Form 20-F which is on file with the Securities and Exchange Commission (SEC) and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at www.sec.gov or may be obtained on Radware’s website at www.radware.com.