Last week we announced the findings of a survey we conducted at Infosecurity in London at the start of June. The results revealed that the security community is running the risk of not protecting itself effectively against DDoS threats and would no longer consider these types of attacks to be a top three concern, despite numerous industry studies that show distributed denial-of-service attacks to be on the rise. Instead, attention is turning to application data breaches, network attacks and malware. Despite this, 60% of respondents highlighted that they are worried about DDoS attacks targeting their organisation, with 39% revealing that it is likely that their organisation has already been targeted.
Tackling the threat, almost 40% of the organisations questioned are using a firewall to protect against DDoS attacks, with web application firewalls preferred by 26% of respondents. Worryingly, investment in specific DDoS protection, either on or off premise, scored much lower.
The evolving technology landscape is also, according to the research, making security more challenging; 76% of respondents stated that - with the advent of cloud, the rise in off-premise IT and trends such as BYOD - the ability to maintain consistent security and availability policies has become harder in the last three years.
However, respondents are still looking to innovate and take on board new opportunities to drive efficiencies in their business. More than a quarter of respondents (27%) are looking to use software defined networking (SDN) technologies in their data centre in the near future, though 20% believe that SDN environments are more vulnerable to attacks. Specifically, the top three concerns are bugs and vulnerabilities in the applications (26%), the exploitation of centralised controllers (21%) and the development and deployment of malicious applications on controllers (15%).
Personally, I’m very surprised to see that DDoS attacks are no longer a top three concern for businesses, as attacks are still coming thick and fast with an ever increasing level of sophistication. Businesses must continue to invest in protecting themselves against attacks of this kind. And while it’s interesting to see that many organisations are considering implementing SDN technologies, there is clearly still plenty of scepticism. Further education is certainly required before businesses fully embrace the opportunities for speed and agility afforded by this type of environment
The survey also looked into security concerns around broader industry issues, including the Internet of Things and the Investigatory Powers Bill. Check out my follow up blog in the coming days to find out how the security community is responding to changes in the market.