Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, today announced the release of its Global Application and Network Security Report 2015-2016, which highlights that retailers are prime targets as the ‘Internet of Zombies’ takes hold.
In the last year, over 90% of companies surveyed experienced a cyber attack. Half of all businesses attacked said they had experienced burst bot attacks, a short but intensive form of automated attack, up from 27% in 2014.
Radware’s Emergency Response Team (ERT), which compiles the report using insight from dealing with attacks, complex analysis of the ‘dark web’ and input from over 300 companies*, believes that ‘burst bots’ will be the fastest growing type of attack in 2016. It’s warning the finance sector to ensure it invests in ‘good bots’ to fight the relentless ‘zombie’ style Advanced Persistent Denial of Service (APDoS) bots that attackers can leave to run for days, even weeks, at a time.
Of the banks and finance houses surveyed, 69% believe the most likely form of attack will be from professional gangs, which correlates with a rise in bitcoin ransom attacks in this sector, standing at 27% in 2015. But interestingly it’s the sector, after education and healthcare, that’s most likely to say that people inside the company pose a threat (51%). Just over a quarter (28%) said that an attack would cost them between $0.5m and $5m in damages, recuperation and lost revenue, while 9% put the value at over $10m.
Adrian Crawley, regional director for Northern EMEA at Radware, believes that as hacking becomes more automated, retailers will need to find ways to fight the ‘Internet of Zombies’ and must anticipate the attacks that will come their way:
“This year things will change and the first line of defence for information security will no longer include people. As company defences continue to succumb to endless floods of sophisticated, automated attacks and new attack techniques, CSOs will need to combine a virtual cyber army with skills. People are simply not equipped to make the decisions quickly enough to fight back on the front line. We are approaching the fall of human cyber defences and the rise of cyber botted-defence. The age of the Internet of Zombies is here and the finance sector will need to quickly adapt their approach.”
The financial sector experiences a wide range of attack types. Financial companies surveyed said that the motives for the attacks they experienced in 2015 ranged from political hacktivists (33%) and upset customers (36%) to attacks from the competition (22%). But the study also shows that many retailers are working blind when it comes to identifying the motivation for attacks.
Adrian explains: “Though angry users and political hacktivists were behind a vast number of attacks, companies had no idea what the motive was for 38% of attacks. When you couple that with the belief that employees pose a significant risk, that’s a big blind spot in security planning and tells us that you have to prepare for the unexpected, automated or otherwise. Business will need to think through how they identify unusual patterns and react – given the size of these companies, it’s very likely that the best way of weeding out risk will be through machines that constantly scan the network for abnormalities.”
Adrian continues, “The figures also show how much risk customers pose. Even if you pride yourself on great customer service, one customer can cause a tremendous security headache. That’s because it’s so easy to get hacking tools on the black market. You don’t need a hacking education, just a computer will do. This will only worsen as the age of automated ‘zombie’ attacks takes hold – a click of the button will keep the havoc going for days on end.”
To download the complete Global Application & Network Security Report 2015-2016, which includes the ERT’s predictions and recommendations for how organisations can best prepare for mitigating cyber threats in 2016, please visit http://www.radware.com/ert-report-2015.