SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
CDNetworks study shows cybersecurity confidence is actually complacency
Thu, 12th Oct 2017
FYI, this story is more than a year old

​A new report has revealed that spending on cybersecurity for DDoS in the UK and DACH has surged sharply in the last 12 months.

CDNetworks released the study conducted by Sapio Research to delve into the current DDoS environment across the UK, Germany, Austria and Switzerland.

The global content delivery network (CDN) and cloud security provider asserts the increased investment has led to widespread confidence amongst IT heads in their DDoS resilience, but this is actually complacency as these same companies also confessed to a high proportion of DDoS attacks being successful in the last 12 months.

According to the research, recent high-profile DDoS attacks have been very effective in driving investment in DDoS mitigation:

  • 49 percent have invested in DDoS mitigation technologies for the first time in the last 24 months
  • Almost two-thirds (64 percent) are likely to invest more next year than in the last 12 months
  • 9 percent will be investing in DDoS mitigation for the first time in the next 12 months
  • The average annual spend is £24,200, with one-fifth of businesses investing more than £40,000.

Seemingly because of this increased investment, 83 percent of businesses described themselves as either ‘confident' or ‘very confident' in their current DDoS mitigation setup. This is despite 79 percent describing an attack as being likely or even certain.

A staggering 86 percent of businesses admitted to being victims of a DDoS attack in the last year, while 54 percent have undergone an attack that was able to take their website, network or online app offline.

And while the average business has been attacked six times, one in every 12 has detected more than 50 attacks over the last year alone.

CDNetworks asserts the prevalence of successful attacks can be possibly explained by the simple fact that there are more of them – plus they're getting bigger and more comprehensive.

According to CDNetwork's own network monitoring data, the largest detected attack in the first half of 2016 was nearly three times the size of the largest of 2015 – 58.8Gbps versus 21Gbps.

Furthermore this wasn't a freak occurrence as more than 31 percent of attacks in the first half of 2016 were more than 50Gbps.

“The results are both comforting and worrying. It may have taken high profile attacks on Dyn and the overpowering of the likes of Twitter and CNN to spur businesses into action, but we're glad that DDoS is now seen as an issue that needs to be addressed,” says Chris Townsley, EMEA Director of CDNetworks.

“However, the size and number of DDoS attacks are also increasing every year, turning DDoS into an arms race. Businesses cannot afford to be complacent or regard DDoS mitigation as a one-off investment as the trend for larger attacks shows the cybercriminals are currently winning the arms race.

CDNetworks affirms the most common impacts of successful DDoS attacks were loss of commercial opportunity (81 percent could trace this impact directly to a DDoS attack), the cost of remedy and strain on the IT team itself (16 percent for both).

Interestingly, 31 percent (and the largest proportion) believe that rivals are behind at least some of the DDoS attacks they've been targeted by – next up was random targeting at 23, hate crime at 22 percent, and blackmail at 21 percent.