How serious is the threat to enterprises from cyberattacks? Look no further than Colonial Pipeline, whose 5,500-mile-long pipeline carries 45 percent of the U.S. East Coast’s fuel supplies. This vital fuel supplier was forced to temporarily shut down after a ransomware attack, leading to panic buying and gas hoarding.
According to the Guardian, “The wider American public was afforded an unwanted glimpse into the wild west world of ransomware this week, after a cyberattack crippled Colonial Pipeline, causing fuel shortages across the eastern seaboard and states of emergency to be declared in four states.”
And this was just the tip of the proverbial iceberg.
Remote Work Model Brings New Vulnerabilities
Since the beginning of the COVID-19 pandemic and the resulting tectonic shift to remote work and online collaboration services, enterprises have come under increased threats from cyberattacks. NETSCOUT’s 16th annual Worldwide Infrastructure Security Report (WISR) found that in 2020, distributed denial-of-service (DDoS) extortion attacks grew by a whopping 125 percent.
Nearly half of survey respondents reported an increase in DDoS attacks during the pandemic, many of which targeted vulnerabilities exposed by a significant shift to online services. 83 percent of enterprises that suffered a DDoS attack reported that overloaded firewalls and/or VPN devices contributed to an outage, a 21 percent jump year over year. These devices need to be protected because they perform a vital role for organizations deploying pandemic-related work/learn-from-home scenarios.
Cybercriminals have been relentless in their attacks. The WISR, which offers insights from a global survey of network, security, and IT decision-makers across enterprise organizations, revealed that more than 66 percent of enterprises reported DDoS attacks that targeted customer-facing services and applications. The report also found 75 percent had their infrastructure targeted. Because these attacks affect an organization’s ability to service customers, they often directly impact revenue and profitability.
Frequency and Complexity of Attacks Are on the Rise
The WISR also confirmed that the frequency and complexity of attacks are on the rise. The report found the number of DDoS attacks that exceeded the target’s internet bandwidth rose from 43 percent to 50 percent, which is indicative of increased attack frequency. At the same time, more than 66 percent of enterprises were the subject of complex DDoS attacks in 2020, according to the WISR. Of these attacks, 57 percent were multivector attacks, compared with 38 percent in 2019.
Also of concern to enterprises is the growing threat from infected or compromised Internet of Things (IoT) devices. The WISR revealed that IoT vulnerability was a top IoT concern for half of the surveyed enterprises.
Firewalls represent another security concern for enterprises. Although firewalls are an effective perimeter security tool against certain kinds of threats, they are not truly intended to stop DDoS attacks. The WISR found that 62 percent of enterprises are using next-gen firewalls to detect threats against their networks, but high failure rates present a notable problem.
One thing is certain: As we move forward, these threats are not likely to go away—or even diminish. That means security professionals must remain vigilant to protect the critical infrastructure that connects and enables the modern world.
Read the full report