A recent global study has shown that the average actual calculated cost of a cyber attack now stands at $1.67m. That’s an enormous sum to have in reserve should your company be hacked. But some would argue it’s also a conservative sum.
Why? Well, with two in five reporting reputation loss as a result of an attack, it seems no one can say what the hidden longer-term costs are at the time of an attack.
A hacker's motive
It can take time for the full impact to be felt, and as recent high-profile breaches have shown, the cost in revenue is one thing; the lasting effect on the share price and customer loyalty is quite another. If you need more persuading of this, look to the stat that says 90 percent of companies worldwide indicate that they suffered some kind of negative impact to their relationships with customers as a result of cyber attacks.
Of course, that’s before we mention the cost of regulatory fines. With GDPR now in full swing no one can afford to be complacent when it comes to personal data, either in terms of how it is managed and stored, or how it is gathered. It’s a serious matter for anyone involved in the data supply chain.
However, perhaps more interestingly, the same study highlighted that service disruption was the main reason hackers took up arms.
In fact, 45 percent of security leaders said that attacking the data center and causing a business to grind to a halt was more prevalent than theft, which was only true in 35 percent of cases.
But whichever way you look at it, the reasons still boil down to the notion that attacks are done to cause harm. Just eight percent are for other reasons including espionage.
So where does that leave the data center custodian? Above all, it’s a reaffirmation that securing the data center has to be a priority into 2019. Data centers are seen as a gateway for hackers, and no matter how sophisticated the defenses become, hackers won’t be put off from attacking them.
Indeed, with a 15 percent increase in attacks designed to partially or completely disrupt service last year, we should expect attacks on data centers to go up.
So with that in mind, it's useful to know what kind of attacks to expect. Top of the list are denial-of-service attacks, both volumetric and non-volumetric, designed to exhaust the resources of the target server or application.
Typically, but not always, DDoS attacks cause traffic floods that congest the capacity of the targeted network or server and prevent legitimate users from accessing them.
While traditionally these floods were generated at the network level, two years ago we saw a shift, and in 2017 the application layer emerged as the preferred vector. Last year, though the application layer was still a target, network-layer DDoS attacks were back on the agenda, growing 12 percent year over year.
This gives some clarity to the situation and underlines the fact that you need to be ready for anything. Hackers will try all means available to achieve their goal.
They will try new techniques and deploy bots to do it for them, and they will resurrect tried and tested methods they can rely on. If they are hell-bent on disrupting your business, they will do whatever it takes.
They will also be relentless. More than 20 percent of denial of service campaigns last for 12 hours or more. That’s a sure way to fatigue the target network and security teams.
Hackers aren’t afraid to go big either. Attacks that measure about 1 Tbps are starting to happen more and more often, and there are more reports of burst attacks, which deploy attacks in waves.
It’s easy to see why 83 percent of companies are turning to machine learning and artificial intelligence (AI) to defend their infrastructure. No human can process the attack data rapidly enough to formulate a plan that will ensure success, and for half of companies AI offers a way to react at speed.
Security teams will therefore have to strike that fine balance between selecting technology that can adapt to changing tactics, respond to and mitigate them, and finding ways to keep the company up and running as well. That’s doubly hard if you are one of the millions of firms undertaking a digital transformation program.
It will take extraordinary skill to get it right, and time and money too. But it’s vital businesses invest in getting it right because it’s the skills and processes that customers will trust organizations to have. They expect companies to deliver on the promise of security and to take their responsibility to comply with regulation seriously.
The quickest way to lose customers is to betray that confidence, especially when it comes to their personal information. Hackers understand that too. That’s why hackers spend so much time adapting tools and techniques to disrupt that delicate balance.
And that’s also why it’s important that executives from every business unit understand how cyber security affects the overall success of their business. It can’t just be left to data center, network and application teams. It’s a problem that everyone in the organization has to be aware of and must play their part in preventing.
Failure to get this right will only lead to failing the customer, and as the opening paragraph shows, we know too well that no one can afford that.