The ISP and hosting sectors were the most targeted industries of cyber-crime in 2014, and the trend is likely to continue in 2015. That's according to Radware, provider of application delivery and application security solutions for virtual and cloud data centres. The findings from its fourth annual 'Global application and security report', which surveys 330 companies globally on cyber attacks on networks and applications, act as a strong warning to the Channel at a time when it is moving into managed services. If they fail to take adequate steps to protect their network and application infrastructure they will bring down customer networks sparking a chain of cyber-dominoes.
Ring of Fire: As part of the report, Radware publishes a 'Ring of Fire', which tracks cyber attacks and predicts the likelihood on attack of major industries. In the last 12 months, ISPs have moved up the risk rankings to become some of the most exposed companies, joining the gambling sector and government at the centre of the 'Ring of Fire'. Hosting companies have jumped from 'low risk' on the outside of the ring to just outside the 'high risk' centre. (Figure 1)
Adrian Crawley, UK & Ireland regional director for Radware, says: "The news presents a stark reality for Channel companies moving into managed services. If they fail to ensure their network security planning is robust then there's no doubt that 2015 will see a great number of 'cyber-dominoes' fall. The Channel must take heed and ensure it understands ISP and Hosting technologies inside out and the implications for planning mitigation strategies for its own operations and those of its customers."
He continues: "Success will lie in implementing a three step plan comprising hybrid solutions that protect them from the very complex and sustained attacks on application networks, collaboration with customers, and working with a trusted partner who can help them stay abreast of emerging security trends through insight, experience and expertise."
The report also shows that 19% of companies admit they are under constant cyber attack, three times as many as last year, yet 52% reveal they can effectively fight an around-the-clock campaign for only a day or less. The pressure this puts companies under has prompted boardrooms to take the threat of attacks more seriously. Three quarters of respondents said it is now a hot topic in the boardroom as reputation and revenue implications are better understood.
Carl Herberger, vice president of security solutions at Radware: "When interviewed, IT and network directors suggested that the shift in boardroom attitudes is not only helping them to raise the issues related to managing existing infrastructure but also the implications of embracing new trends such as bring your own device, the move to the cloud, and the Internet of Things (IoT)."
Carl continues: "The Internet of Things will be one of the greatest challenges for CIOs in the coming five years because of the prevalence of reflective attacks, where hackers use legitimate routes into the network to hide their identity and mask activity. For example, in anecdotal research, the healthcare industry was pre-occupied by the threat of death - it's a scary thought to consider the possibility that life support machines or pace makers could be taken over and shut down by hacktivists using legitimate routes to get in.
"CIOs will be challenged in ways they never expected, as they grapple to identify where their responsibility for technology starts and ends, and how best to protect their infrastructure and consumers. Many are already recognising that success will rest in combining skills with technology. This presents the perfect storm for the Channel and it would do well to shape its business around such technological developments. Anticipating trends, staying abreast of the security landscape and providing timely advice will be crucial for the Channel's success in the next five years."
In support of this finding, more than half (52%) reported changing security processes, protocols and/or mandates, and almost half (48%) of companies will employ hybrid protection of on-premise and cloud solutions that fight back on multiple levels.
The report has also revealed that the drivers for attacks are not clear. 70% of brands generally have no idea of the motive of the attack, though 15% say they have experienced ransom attacks, and 35% a politically motivated one, reflecting the growing enthusiasm to exploit geo-political events in the world – the conflict in the Ukraine being a notable example this year.
About the report
In September and October of 2014, Radware conducted a survey of the security community and collected 330 responses. The survey was sent to a wide variety of organisations globally, from across 23 industries. 49.5% of companies had annual revenue of over $500m. 35% employed 1,000-10,000 people and 27% employed over 10,000. In depth interviews were also conducted with 11 senior executives from companies with global operations. The survey was designed to collect objective, vendor-neutral information about issues organisations faced while planning for and combating cyber-attacks.