US and EMEA security professionals interviewed by the Neustar International Security Council (NISC) in January 2019 said that DDoS attacks are perceived as the highest threat to their organizations, with roughly half of their companies having been attacked in 2018.
Another 75% of all professionals who took part in NISC’s study said that they are deeply concerned about “bot traffic (bot robots and scrapers) stealing company information, despite the same number already deploying a bot traffic manager solution.”
NISC uses a Cyber Benchmark Index to track the mounting threat concerns as “a reflection of the current international cybersecurity landscape,” While at the beginning of 2018 the index reached 10.5, in January 2019 it hit 19.4, the highest value recorded since NISC started charting threat levels in May 2017.
“Unfortunately, bot traffic makes up a large proportion of the Internet,” said NISC Chairman and Neustar SVP and Fellow Rodney Joffe. “So it is key that organizations make sure incoming data is scrubbed in real-time, while also identifying patterns of good and bad traffic to help with filtering. [..] Implementing a Web Application Firewall (WAF) is crucial for preventing bot-based volumetric attacks, as well as threats that target the application layer.”
According to NISC, 48% of respondents stated the threats posed by DDoS attacks have increased during November and December 2018, while 42% said that they have increased their ability to respond to DDoS attacks.
“Fears around bot traffic and bot-powered DDoS attacks are extremely valid but by no means new. However, with the rapid rise of the Internet of Things – whether that be across smart cities, banking or a nation’s critical infrastructure – the ability for bots to cause havoc at a global level has increased significantly,” also stated Joffe.
Besides the 23% of the ones who considered that DDoS attacks are the highest threat, NISC’s research found that:
System Compromise – 21% stated this was the highest threat to their enterprise
Ransomware – 15% stated this was the highest threat to their enterprise
Financial Theft – 15% stated this was the highest threat to their enterprise
“Without the appropriate detection, data scrubbing and mitigation tools in place, IoT devices have the potential to become part of a malicious botnet, whereby hackers essentially weaponize these devices to launch more powerful DDoS attacks,” continued Joffe. “Worryingly, as more and more devices continue to connect to the Internet, these types of attack pose an increased risk to not only the defenses of an enterprise, but also to a whole nation.”
NISC conducted 300 interviews in January 2019 to collect the data for this report, focused on security professionals from organizations in five countries across EMEA (i.e., France, Germany, Italy, Spain, and the UK), as well as from the US.
The survey respondents currently hold senior positions such as CTO, Director of IT, security consultants, and a number of other positions related to enterprise security responsibilities.