2014 was a watershed year for the security industry: cyber-attacks reached a tipping point in terms of quantity, length, complexity and targets.
The growth and expansion of cyber-attacks to new targets is in part due to a bigger technical “bag of tricks” being used. Hackers are adapting to multi-pronged mechanisms for cyber-defense by combining multiple techniques in a single attack.
Example of a Powerful Lesson: Attacks Longer & More Continuous
In September and October of 2014, we surveyed the security community and collected 330 responses. The most commonly reported attack duration was one month, cited by about 15% of the survey respondents. However, 19% of the major attacks reported were considered “constant” by the targeted organization. That’s a stark contrast with the 2011, 2012 and 2013 surveys: in those years, organizations reported many week-long and even month-long attacks, but never more than 6% reported experiencing constant attacks.
This trend challenges the traditional concept of incident response, which assumes a normal state without attacks. It also exposes a security gap. When respondents were asked how long they could effectively fight an around-the-clock attack campaign, 52% said they could fight for only a day or less!
New Trends are Changing the Rules of the Game
Three trends have become incredibly disruptive to information security: the continued migration to cloud (and the accompanying dissolution of enterprise IT), the rise in the Internet of Things (IoT), and the move toward the software-defined network (SDN).
Hybrid Solutions Prove Themselves and Gain Ground
This year, more than a third (36%) of Security Industry Survey respondents indicated that they use a hybrid solution with both customer premise equipment (CPE) and cloud solutions. Another 6% plan to implement one. Interestingly, responses suggest that by 2015, nearly half (48%) of those surveyed will employ hybrid protection.
Internet Pipe, Reflective Attacks Earn Dubious Honors
The Internet Pipe has not only increased as a point of failure; it now has the “honor” of being the number-one failure point. Meanwhile, hackers seem to be making their way through every protocol to determine whether and how to use it for the next big reflective attack. The result: reflective attacks represent the single largest DDoS “headache” of the last year.
Headless Browsers, DDoS Attacks Become More Sophisticated
Attackers are now combining multiple techniques in a single attack—enabling them to bypass defense lines, exploit server-side vulnerabilities, and strain server-side resources. Such attacks include Anonymization and Masquerading, Fragmentation, Encryption, Dynamic Parameters, Evasion and Encoding, Parameter Pollution and Extensive Functionality Abuse.
Budgets Can Be Challenging—But Organizations Are Investing
Organizations of all sizes are struggling to finance and anticipate costs associated with cyber-attack prevention and mitigation. When asked how their organization has deployed resources in response to cyber threats in the past 12 months, more than half of the respondents reported changing security processes, protocols and/or mandates. Nearly half said they had invested in new or specialized technologies.