The mounting concerns are evidenced in the Cyber Benchmark Index, which is a reflection of the current international cybersecurity landscape. At the start of this year, the index hit the highest ever rating (19.4) since NISC began mapping threat levels in May 2017. During the same period in 2018, the cyber benchmark index only reached 10.5.
Aside from bot traffic, security professionals perceived DDoS attacks to be the highest threat to their enterprise, with over half of respondents (52 percent) admitting to being on the receiving end of an attack. This was followed by system compromise, ransomware and financial theft.
However, despite DDoS ranking as the greatest overall danger to businesses, generalised phishing attacks were seen to be the most increasing concern. When considering where these threats might come from, security professionals viewed the world at large to be the biggest worry – a 60 percent rise from the previous reporting period.
“Fears around bot traffic and bot-powered DDoS attacks are extremely valid but by no means new,” said Rodney Joffe, Head of the NISC and Neustar Senior Vice President and Fellow. “However, with the rapid rise of the Internet of Things – whether that be across smart cities, banking or a nation’s critical infrastructure – the ability for bots to cause havoc at a global level has increased significantly. Without the appropriate detection, data scrubbing and mitigation tools in place, IoT devices have the potential to become part of a malicious botnet, whereby hackers essentially weaponise these devices to launch more powerful DDoS attacks. Worryingly, as more and more devices continue to connect to the Internet, these types of attack pose an increased risk to not only the defences of an enterprise, but also to a whole nation.”
“Unfortunately, bot traffic makes up a large proportion of the Internet,” continued Joffe. “So it is key that organisations make sure incoming data is scrubbed in real-time, while also identifying patterns of good and bad traffic to help with filtering. While it is encouraging to see that more organisations are implementing bot traffic manager solutions, it is imperative that businesses employ a holistic protection strategy across every layer for the best level of protection. Implementing a Web Application Firewall (WAF) is crucial for preventing bot-based volumetric attacks, as well as threats that target the application layer.”