It may not come as a surprise to hear that, during the Covid-19 pandemic, hackers have not been resting on their laurels. In fact, almost half (45%) of business leaders claim that their company experienced more network security incidents over the past 12 months as a result of the Covid-19 pandemic, according to our Enterprise Network Security 2021: A Post-Pandemic Threat Landscape Report, conducted with more than 400 C-Level IT leaders in large enterprises in four of the world’s largest markets.
In fact, 55% of US and 49% of UK respondents experienced the most severe impact to their network security because of these attacks, which suggests that their businesses are more of a target than those in continental Europe.
The morphing attacker
A sizeable 68% of leaders said their company has experienced a DDoS attack in the past 12 months, with the UK (76%) and the US (73%) experiencing a significantly higher proportion, compared with 59% of their German and 56% of their French counterparts. Additionally, more than half of all participants confirmed that they specifically experienced a DDoS ransom or extortion attack in that time, with a large number of those (65%) targeted at UK companies, compared with the relatively low number in France (38%).
The results also highlight that there is a financial motive behind many DDoS attacks and that the impact of these DDoS attacks has been dramatic for some: 11% of respondents said that such an attack posed a threat so serious that it could have undermined business continuity. A further 40% said that such an attack had had a major impact, resulting in significant disruption and loss of business revenues.
The knock-on effect had a significant effect on the sense of vulnerability among business leaders, resulting in 51% of them feeling more exposed to cyberattacks since the pandemic. With the findings clearly suggesting that UK businesses are being specifically targeted, it’s clear that the heightened fears of US and UK firms, in particular, are entirely justified.
These reports from companies were no surprise to us, as we have seen some very specific patterns emerge in recent months through the DDoS mitigation services that we provide and the data we collect from our own number-one-ranked global fibre backbone network. The majority (60%) of attacks we have seen this year lasted 5-10 minutes, with only 5% lasting more than an hour. Patterns can also be seen in the timing of attacks, with Saturday the quietest day in the week and Wednesday by far the most likely day for an attack to take place. Looking even randomly across our network, I can see that many customers experience an attempted attack approximately every three days.
It is not just the timing of attacks that is interesting; 70% of attacks we have seen this year have been 1Gbps to 5Gbps in size. Alone, that figure may not worry some, even though it is often damaging, but the largest attack we have seen was a huge 1.58Tbps – and 3% of attacks exceeded 50Gbps.
The pain in the pipes
The leaders we surveyed cited the biggest overall security threat to their business as being the network, alongside systems and applications. And it’s clear to see why: a startling 78% of them revealed that they responded to up to 100 network security incidents in the past 12 months.
As for the nature of the cyber threats faced, it is no surprise to find that phishing is regarded by more than half of business decision-makers as the main cyber threat to their business. More telling, perhaps, is the fact that almost as many (49%) view DDoS attacks at the same level.
As the network is probably the most vulnerable part of the security stack – because of its inherent exposure to the outside world, often connecting a multitude of network elements across long distances – when it fails, so do all the systems and workflows that depend upon it. It is little wonder that network security is also by far the biggest security cost for business, with 42% of leaders citing it as their greatest security outlay.
Analysis of our own network has highlighted further how challenging it can be to stay on top of the “where” of cyberattacks. Attackers are not just trying different styles of attack against their targets but are constantly refining the codebases that enable those attacks. We see many different versions of each attack tool in circulation at any time – enterprises may be the target, but the weapon facing them is always changing as hackers develop their skills.
Protection starts on the network
Speaking to enterprises, it is becoming increasingly common to seek protection not just from styles of attack, but even to go so far as to monitor and protect against attacks from service provider partners that an enterprise may rely on. To counteract the network security threats, nearly half (45%) of leaders currently mitigate DDoS attacks by using ISP/network provider DDoS protection.
It will be those enterprises that act on the lessons from the past 18 months and scale their security programmes across their whole stack, starting at the network, who will successfully protect their business from future – and as yet unforeseen – threats that are sure to come in the fast-moving cyber security space.