Cyber attack ‘Hit List’ expands

The risk of a damaging cyber attack has increased substantially over the last year for several UK industries, including the financial services sector. That’s according to new research by Radware®, a leading provider of application delivery and application security solutions for virtual and cloud data centres. The findings accompany the latest edition of Radware’s Global Application & Network Security Report.

In the report, developed by Radware's Emergency Response Team (ERT), the financial services sector has been placed at the centre of its 'Ring of Fire', which identifies industries most likely to be targets of DoS/DDoS attack. This follows a wave of high profile attacks across the globe including a DDoS attack on RBS Group, which prevented customers from accessing its online services during December last year.

Radware’s Ring of Fire also saw the energy and ISP sectors creep closer to the high-risk centre. Most concerning however, is the jump of two places made by the hosting sector. With so many industries dependent on hosting, the risks become far more widespread impacting not only the company being attacked but the companies and consumers that rely on their services.

Speaking at a recent cyber security summit, UK Business Secretary Vince Cable warned of the vulnerability that Britain's essential services face from cyber attacks, saying that there was a growing threat of disruption to "everyday life".

Adrian Crawley, Regional Director UK & Ireland at Radware agrees, and explains the risks: “The technology and methods used to penetrate organisational networks have become so sophisticated in the last year that we’ve seen some types of attack more than double, raising the risk for individual companies and those that depend on them. 2014 will be the year when companies need to look beyond their own business continuity plans and include partners and suppliers.”

In the report, 87% of 198 organisations surveyed experienced DDoS issues in the last year. 60% suffered service degradation while 27% experienced a complete outage. This can be explained by the increasing complexity and the sequential nature of attacks now occurring. Findings show that 50% of cyber hactivists now use five or more methods of attack at a time.

Importantly, unplanned data outages as a result of DDoS attacks were widely acknowledged to be a massive financial risk by respondents, with companies stating they are investing 15% more than last year to help mitigate the risk.

“In today’s fast moving world, customers won’t wait for even the slightest delay to an online page loading, let alone wait for a website to come back online if it suffers an outage,” adds Crawley. “The same applies within the business where a DDoS attack can prevent a company that is heavily reliant on web based systems from functioning altogether. It’s startling to see just how much money can be lost in a matter of minutes when there’s a DDoS attack. The financial repercussions are great, when you consider that typically every lost minute is worth approximately £13,400 in lost traffic, diminished end user productivity and forfeited revenues.”

Crawley concludes, “Boards must ask questions of their IT providers, including ISPs, data centre, hosting and cloud system providers: ‘What’s their plan, what does their ‘Emergency Response Team’ look like and how quickly will they be able to respond to multiple and sustained attacks?’ In essence, CEOs needs to ask ‘How will you protect my company’s reputation and ensure that my business won’t lose revenue and customers if your networks are attacked?’.”