In the digital era, running a business essentially means also running a website. Whether your company has its own website for providing services, or runs a dedicated e-shop, the truth of the matter remains the same: internet is a marvelous tool, but also a source of increased risk, and business owners need to be mindful of that and focus on increasing security for their online presence.
Increasing Cyber-security Safeguards Client Loyalty
As the recent WannaCry and Petya/NotPetya ransomware attacks demonstrate, company websites are well on the radar of hackers. One of the preferred methods for attacking websites are Distributed Denial of Service attacks – or DDoS for short; in this type of attack, cyber criminals overwhelm a website with traffic from different sources, causing it to reach its limits and thus rendering it unable to continue operating properly or even crash.
This proves very frustrating for those attempting to reach a specific website and access services, as it disrupts the customer experience and results in loss of customer loyalty. Cyberattacks not only cost firms money in damages, compromised infrastructure and reimbursing affected clients, but are also bad for their reputation and, ultimately, business: for example, it was reported last year that the infamous security incident at UK telecommunications giant TalkTalk resulted in the company losing around 100,00 subscribers within a single quarter.
DDoS Attacks Are Now Shorter but more Powerful
According to research carried out for the first quarter of 2017, DDoS attacks are becoming shorter, yet more elaborate and more powerful. As the 2017 Q1 Global DDoS Threat Landscape Report, which analysed around 3,500 network layers and over 14,000 application layer DDoS attacks illustrates, 80% of all security incidents were under 60 minutes and 90% of total network layer attacks had a duration of less than 30 minutes – a significant increase from over 78% in the quarter preceding the report. At the same time, 40% of the breaches were multi-vector attacks, again a crucial rise from less than 30% during the prior quarter. 74% of targets were assaulted multiple times, with 19% of them receiving repeated hits for at least 10 times, and one particular case saw a North American website specializing in science news being attacked over 1,000 times by low-volume assaults that lasted a maximum of 10 minutes.
Personnel Training and Proper Protection: Key Action Points for Companies
As DDoS attacks become more complex and with an increasingly financial focus, South African enterprises might feel the ripples sooner that they think. In the 2016 Internet Crime Report published by the FBI Internet Crime Complain Centre, South Africa features 12th in the list of top foreign countries by number of victims of cyber-attacks. Companies need to take counter-measures, spending time and effort on IT personnel and proactive measures. Cyber-security tools like a high quality web application firewall will protect against threats such as SQL injections, cross-site scripting and other threats. A firewall essentially inserts multiple extra layers of protection between the website and malicious requests, filtering out potential threats. Some WAF vendors also offer cloud-based DDoS protection as an integrated package. Moreover, a 2015 study published on Statista revealed that 60% of all cyber-attacks are inside jobs – and of those, more than 15% are caused accidentally. Accordingly, proper personnel selection and clearance, as well as providing training and increasing awareness across all employees might prove pivotal in averting future attacks.
You will find more statistics at Statista
As we move forward, cyber-criminals are refining their methods and increasing their potential to do harm – luckily, cyber-security experts are also getting more and more prepared to respond efficiently. Companies have the tools to counter hackers at their disposal; they just need to pay attention and use them.