Radware, the provider of cyber security and application delivery solutions, has released its 2019-2020 Global Application and Network Security Report. The report finds that more than one-in-four respondents attribute attacks against their organisation to cyber warfare or nation-state activity. In 2018, 19% of organisations believed they were attacked by a nation state. That figure increased to 27% in 2019. At 36%, companies in North America were more likely to report nation state attribution.
“Nation state intrusions are among the most difficult attacks to thwart because the agencies responsible often have significant resources, knowledge of potential zero day exploits and the patience to plan and execute operations,” said Anna Convery-Pelletier, chief marketing officer at Radware. “These attacks can result in the loss of sensitive trade and technological or other data. Security teams may be at a distinct disadvantage.”
These findings come at a time of heightened anxiety for security managers. Organisations are increasingly turning to microservices, server-less architectures and a mix of multiple cloud environments. Two-in-five managers reported using a hybrid environment that included cloud and on-premises Data Centres. Two-in-five said they relied on more than one public cloud environment. However, only 10% of respondents felt that their data was more secure in public cloud environments.
As organisations adapt their network infrastructure to enjoy the benefits of these new paradigms (such as microservices and multi-cloud environments), they increase their attack surface and decrease the overall visibility into their traffic.
For example, 22% of respondents don’t even know if they were attacked, 27% of those who were attacked don’t know the hacker’s motivations, 38% are not sure whether an Internet of Things (IoT) botnet hit their networks and 46% are not sure if they suffered an encrypted DDoS attack.
Convery-Pelletier added: “This report finds that security professionals feel as though the battlefield is shifting under their feet. Companies are increasingly adding and relying upon new paradigms, which means the infrastructure is harder to monitor for attacks. These new technologies force a shift in security implementation into the development teams. Security is often an afterthought as businesses march forward, and there’s a misconception that ‘good enough’ is enough.”
In addition, the report also found the following points of note:
The emergence of 5G networks As the push for 5G grows, there exists an important opportunity to build security into networks at its foundations. Despite the increasing buzz around 5G networks, only 26% of carriers responded that they felt well prepared for 5G deployment, while another 32% stated that they were somewhat prepared
Be careful what you wish for in terms of the IoT 5G promises to advance organisations’ implementation of (and the value they derive from) IoT technologies, but that promise comes with a corresponding increase in the attack surface. When it comes to IoT-connected devices, 44% of respondents said malware propagation was their top concern, while lack of visibility followed at 20% and Denial of Service at 20%
Data loss is top concern About 30% of businesses stated that data theft as a result of a breach was their top concern following an attack, which is down from 35% the previous year, followed by service outages at 23%. Meanwhile, 33% said that financial gain is a leading motivation for attacks