Digital Transformation Strategies Are Under Attack

NETSCOUT’s WISR shows increase in infrastructure targets as enterprises move to cloud

Worldwide Infrastructure Security Report

NETSCOUT’s 14th annual Worldwide Infrastructure Security Report (WISR) delivers a more comprehensive view than ever into the full scope of challenges, drivers, and roadblocks facing enterprise teams today.

As usual for the WISR, we surveyed service provider customers who can offer direct insights into a wide range of topics, from cyberattacks and major industry trends such as SDN/NFV and digital transformation to key organizational issues such as incident response training, staffing, and budgets. But this year, we also partnered for the first time with research and consulting firm IntelliClear to extend our reach to enterprise-security, network, and IT decision makers across seven countries—the US, Canada, Brazil, the UK, France, Germany, and Japan—and to expand our traditional security, network, and operational inquiries with a series of questions focused on cloud migration.

Cloud Migration: Baby Stepping

While cost reduction and the ability to quickly deploy and scale applications continue to be strong drivers of cloud migration, the need for a disaster recovery system topped the list of motivations this year, with nearly 60 percent of respondents deeming it extremely or truly important. The ability to expand into new geographical regions and the ability to shift CapEx and personnel costs into OpEx round out the top five catalysts.

Despite the clear drivers fueling cloud migration, enterprise adoption of public cloud offerings represents an ongoing journey, as companies move past early hype and acceptance to wrestle with the often-painful challenges involved with major mainstream migration.

  • While 62% of respondents plan to move at least some of their applications to a public cloud, only 18% plan to move all their applications
  • Only 11% of respondents report that all of their applications currently are in cloud-based environment; 7% have no plans to move any applications to a public cloud

While the hype train has been chugging along for many years, clearly many enterprises remain hesitant to get on board.

Security and Availability Are Top Barriers

Issues such as security and availability remain stubborn bottlenecks to wholesale enterprise cloud migration, with 61% of respondents citing security concerns as the top barrier for public cloud adoption and 51% citing stability and availability. Among other top barriers cited were ­­compliance or regulatory concerns (51%), cost (50%), and lack of organizational cloud expertise on a technical (46%) and business (45%) level.

Infrastructure Under Attack

It’s easy to understand why security is such a concern. This year’s report showed a clear trend: Infrastructure itself is under fire, with an increase in attacks targeting on-premises infrastructure, SaaS, and cloud-based services.

  • SaaS services: This year’s report found a t­hreefold year-over-year increase in the number of distributed denial of service (DDoS) attacks, from 13% to 41%.
  • Third-party data center and cloud services: Responses also showed a threefold year-over-year growth in the number of DDoS attacks, from 11% to 34%.
  • Targeting encrypted traffic: Increasing use of encrypted traffic was reflected in the growing rate of attacks targeting it. In 2018, 94% of respondents observed such attacks, nearly twice the percentage as in the previous year.
  • Targeting stateful infrastructure: Attackers have shifted their focus to stateful infrastructure attacks targeting firewalls and IPS devices. These attacks almost doubled in 2018, from 16% to 31%. Of those who experienced stateful attacks, 43% reported that their firewall and/or IPS contributed to an outage during the attack.

Of course, as service providers place growing importance on delivering cloud-based services to enterprises and consumers, it should come as no surprise that attackers are increasingly targeting these services as well. DDoS attacks on cloud-based services rose from 33% in 2016 to 47% in 2018.

Rising Consequences

Business impacts due to DDoS attacks varied greatly in 2018. Respondents reported measurable attack consequences, such as the cost of specialized remediation and investigation services (39 percent), as well as revenue loss (38%) and increased OpEx (also 38%). 37% of respondents also cited damage to reputation/brand, and 37% reported increased insurance premiums.

Tug of War

There is an ongoing tug of war between business leaders who crave the cost savings and operational agility of a digitally transformed organization, the security and IT teams who face enormous challenges and rising consequences, and the threat actors who understand full well just how important digital transformation is to your organization.

Can your company reap the cost-savings benefits without experiencing the painful consequences of a successful cyberattack against its infrastructure and digital services? That is the question facing every business today, whether you are 75% along the way or just beginning the journey.

Understanding the threats, targets, and motivations of the attackers is one way to begin to overcome those fears and understand how you can defend your organization from attacks targeting your digital transformation initiatives.

To learn more, download the full report.