Thursday, 9th July 2020

Cyberattacks breach firewalls half of the time

According to new research, many have had their networks infiltrated; others admitted to facing difficulties when altering WAF policies to guard against new attacks.

Neustar has released a new report from the Neustar International Security Council (NISC) highlighting growing concerns around the number of businesses vulnerable to cyberattacks due to hackers’ ability to bypass their Web Application Firewall (WAF).

Almost half (49%) of security professionals reported more than a quarter of attempts to sidestep their WAF protocols had been successful in the last 12 months. In addition, as many as four in ten respondents disclosed that 50 percent or more of attacks had managed to get around their application layer firewall.

These findings come at a pivotal time, as organisations continue to adapt their security strategies to cope with the increase in malicious web activity associated with COVID-19. Almost 30 percent (29%) of respondents admitted they had found it difficult to alter their WAF policies to guard against new web application attacks, while just 15 percent said they had found the process very easy.

Despite many having already been on the receiving end of a successful web-application attack, 39 percent of respondents declared they do not have a WAF that is fully integrated into other security functions; a technique that is critical in developing a holistic defence against a variety of attack types. Three in ten also claimed that half of network requests have been labelled as false positive by their WAF in the last year.

“As members of the public we have witnessed the steady and significant growth of volumetric DDoS attacks, fake domains, malicious malware and harmful misinformation. However, while these may be the security concerns capturing headlines, those within the community have also seen the unsettling rise in application-layer attacks,” said Rodney Joffe, Chairman of NISC and Senior Vice President and Fellow at Neustar. “Often unleashing destruction before they are even recognised, these attacks are equally as damaging, targeting specific vulnerabilities to cause a multitude of complications for those on the receiving end.”

“Due to their ‘under-the-radar’ nature, application-layer attacks are difficult to detect and therefore require a security posture that is always-on in order to be identified and mitigated. Only by providing protection across the entire network can organisations respond to the type of threats we are seeing today. For full-protection that doesn’t hinder business performance or add unnecessary complexities, organisations should opt for a cloud-based WAF, underpinned by curated, actionable threat data. Not only is this approach guaranteed to safeguard against the most common web threats, it also delivers visibility into application traffic, no matter where the applications themselves are hosted,” added Joffe.

Findings from the latest NISC research also highlighted a steep 12-point increase on the International Cyber Benchmarks Index year-on-year. Calculated based on the changing level of threat and impact of cyberattacks, the Index has maintained an upward trend since May 2017.

Partnership enables security teams to identify unmanaged assets connecting to the corporate network,...
Survey reveals users take security training seriously, but may still engage in risky behaviour.
Service presents integrated view of cloud assets, offers automated remediation and monitors misconfi...
Marked increase in protection of corporate financial information using cloud-based security tools.
Netwrix survey reveals that 33% of financial organisations discovered sensitive data in insecure sto...
Even as travel restrictions slowly ease around the world, our work environment doesn’t look like goi...
Okta, CrowdStrike, Netskope, and Proofpoint to deliver integrated product solutions, advanced insig...
Despite increase in cases during lockdown, one-in-five admit they couldn’t access a working backup o...