Radware's Global Application & Network Security Report Reveals Cyber Attacks Now Longer and More Continuous, Lasting One Month on Average
Annual Report also uncovers Gaming, Education and Healthcare Industries at Higher Risk of Cyber Attacks, Identifies Top Disruptive Trends and highlights Notable Attack Vectors
Radware® (NASDAQ: RDWR), a leading provider of application delivery and application security solutions for virtual and cloud data centers, today announced the release of its 2014-2015 Global Application and Network Security Report. The annual report indicates that cyber-attacks have reached a tipping point in terms of quantity, length, complexity and targets. As cyber threats are growing and expanding to new targets, 52% of respondents to Radware's report, reveal they can effectively fight an around-the-clock campaign for only a day or less.
Radware's 53-page report was developed by the company's Emergency Response Team (ERT), which actively monitors and mitigates attacks in real-time. The ERT has extensive experience handling attacks 'in the wild' as they occur. The firsthand and statistical research of Radware's 2014-2015 report was compiled using data from 330 individual respondents within a wide variety of organizations globally.
"It would not be a surprise to see double the number of attacks occurring in the next 12 months and companies need to stay vigilant," says Ron Winward, director of network engineering at ServerCentral, a respondent of Radware's annual security report. Winward added, "Attacks are becoming far more sophisticated. Staying abreast of the changes in attack patterns, objectives and execution is something that must remain 'on' at all times."
Designed to benefit the entire security community, this report provides a comprehensive and objective review of 2014 cyber-attacks from both a business and a technical perspective and gives best practices advice for organizations to consider when planning for cyber-attacks in 2015. It also offers a framework for understanding the "why" behind cyber-attacks—providing an orderly way to assess seemingly chaotic threats.
Key findings from the report include:
- A Watershed Year: From a cyber-attack perspective, 2014 has been a watershed year for a number of industries, including electric and power, healthcare, financial services. Attacks are rife with great complexity and zeal and require sophisticated solutions to solve the complexity of the threat. Attackers have adapted to multiple mechanisms of cyber-defense employed by organizations, fighting back with multiple techniques in a single attack.
- Constant Attacks on the Rise: 19 percent of the major attacks reported are considered "constant" by the targeted organization. In past years (2013, 2012 and 2011), organizations have reported many weeklong and even month-long attacks—but never have more than 6 percent reported experiencing constant attacks.
- New Point of Failure in DDoS Attacks: Previous years has shown DDoS attacks directed to the server or firewall. However, due to an increase in UDP attacks, the Internet pipe has been regarded as the number-one failure point in 2014.
- Hybrid Security Solutions Gaining Ground: More than a third of respondents (36%) indicated that they have employed hybrid solutions to help gain ground against attacks, combining on-premise equipment with cloud solutions. Nearly half of responses (48%) suggest that they will employ a hybrid solution by 2015.
- Executive Insights – What Keeps Security Professionals up at Night: A qualitative study and exploration of the most pressing problems and persistent challenges that can cause a loss of sleep with executives in the C-Suite. Responses from CIOs, CISOs and VP-level executives within billion-dollar enterprises and best security measures they have implemented over the past 12-months.
"As both reputation loss and revenue loss from a cyber-attack is a major concern of respondents in our report, it is no surprise that three-quarters of executives stated that security threats are now a CEO or board-level concern," says Carl Herberger, vice president of security solutions for Radware. "More than half of respondents reported changes to their security process, protocols, and/or mandates in response to security threats, with more than a third indicating the use of a hybrid solution of on-premise and cloud solutions to protect against attacks."
To download the 2014-2015 Global Network & Application Security Report complete with a section that looks back at the 2014 business and attack trends and provides a set of best practices for organizations to consider when planning for cyber-attacks in 2015, please visit: http://www.radware.com/ert-report-2014/
Blog post: http://blog.radware.com/security/2014/12/2014-global-application-network-security-report
Through firsthand and statistical research coupled with front-line experience, this research identifies trends that can help educate the security community. The report draws its information from the following sources:
Security Industry Survey
The quantitative data source is a Security Industry Survey, which was conducted by Radware and had 330 individual respondents. The survey was sent to a wide variety of organizations globally and was designed to collect objective, vendor-neutral information about issues organizations faced while planning for and combating cyber-attacks.
39% of the companies in the sample are large organizations, each with annual revenue of more than $500m. A total of 23 industries are represented in the survey with the largest respondents from the following: telecommunications/Internet/cloud service provider (20.42%), financial services (13.15%), computer-related products or services (12.11%), and manufacturing/production/distribution (6.57%). About 40% of the organizations conduct business worldwide.
Security Executive Survey
Alongside the industry survey Radware selected 11 top security officers from organizations across various industries and conducted in-depth interviews about their experiences with cyber-attacks.
About the Radware Emergency Response Team (ERT)
Radware's ERT is a group of dedicated security consultants who are available around the clock. As literal "first responders" to cyber-attacks, Radware's ERT members gained their extensive experience by successfully dealing with some of the industry's most notable hacking episodes, providing the knowledge and expertise to mitigate the kind of attack a business's security team may never have handled.
Radware (NASDAQ: RDWR), is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware's solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.
For more information, please visit www.radware.com. Radware encourages you to join our community and follow us on: Facebook, Google+, LinkedIn, Radware Blog, SlideShare, Twitter, YouTube, Radware Connect app for iPhone® and our security center DDoSWarriors.com that provides a comprehensive analysis on DDoS attack tools, trends and threats.
©2014 Radware, Ltd. All rights reserved. Radware and all other Radware product and service names are registered trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of their respective owners.
This press release may contain statements concerning Radware's future prospects that are "forward-looking statements" under the Private Securities Litigation Reform Act of 1995. Statements preceded by, followed by, or that otherwise include the words "believes", "expects", "anticipates", "intends", "estimates", "plans", and similar expressions or future or conditional verbs such as "will", "should", "would", "may" and "could" are generally forward-looking in nature and not historical facts. These statements are based on current expectations and projections that involve a number of risks and uncertainties. There can be no assurance that future results will be achieved, and actual results could differ materially from forecasts and estimates or that future similar accounts from the financial industry will be won. These risks and uncertainties, as well as others, are discussed in greater detail in Radware's Annual Report on Form 20-F and Radware's other filings with the Securities and Exchange Commission. Forward-looking statements speak only as of the date on which they are made and Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware's public filings are available from the Securities and Exchange Commission's website at www.sec.gov or may be obtained on Radware's website at www.radware.com.