What Can Happen In 3 Cybersecurity Seconds?
By George McGregor
We are all too familiar with the phrase “time is money” – and yet, with today’s technology and advancements, when a multitude of security events can take place within a short amount of time, it is becoming easier to quantify the exact value of time.
What does three seconds mean in today’s terms? In three seconds, on average, 0.2 million Google search queries are made, 9 million emails are sent and £34,000 is spent online. On a similar note, three seconds can be enough to prevent an organisation from losing tens of thousands of dollars.
When it comes to mitigating DDoS (distributed denial-of-service) attacks, time is of the essence. Every second that it takes for an organisation to respond to an attack after it’s been deployed can have a huge impact on the business, be it in terms of man hours spent or sales and reputation lost. This is why it is crucial to emphasise the process of effectively identifying attacks to ensure rapid mitigation.
The changing cybersecurity landscape
Cybersecurity is a never-ending arms race between bad actors and IT and security teams. Unfortunately, over recent years attackers have become increasingly powerful. They now come armed with effective, inexpensive hacking tools and deep knowledge garnered from successful breaches. Attack methods include sprawling botnets, probing soft targets such as website logins, and hammering web applications with DDoS attacks of unprecedented ferocity.
What’s important to note is that the attackers haven’t just grown stronger; the attack surface has grown along with them. Most companies are currently engaged in digital transformation: automating their business processes, moving workloads to the cloud, and deploying technology such as microservices to boost productivity and innovation and better serve customers and partners. However, there is always a downside. Each time you invest in new technologies and move workloads to the cloud, your threat surfaces are also evolving and expanding.
It comes as no surprise that eight out of 10 CSOs and CISOs surveyed in a 2019 CyberThreat Defense Report admitted their company suffered a breach last year, with a shocking one-third admitting they had been breached more than 6 times. And seven out of eight security leaders think their company will be breached this year.
What is the solution?
Companies could try to minimise their security gaps by locking down their workers and reversing their modernisation moves. However, even if that strategy were feasible, it would result in massive shocks to their productivity and revenue-generating businesses that would likely outweigh the huge financial damage from an actual breach.
Protection must not only address a wide range of cybersecurity threats, but also cover business-critical APIs, legacy systems and applications based on open source.
Protection practices which businesses must adopt to mitigate these threats include:
- Comprehensive bot protection
Security solutions that help companies protect the platform and devices that they communicate with will add the first and most critical layer of protection.
Bot protection that detects and stops hackers from using stolen credentials to hijack web user accounts is paramount to every business. In conjunction with artificial intelligence, this protection will streamline processes and provide stronger overall security.
- Built-in application protection for websites and APIs
Open APIs enable digital businesses to innovate quickly with partners and customers, but they are also vulnerable to attack. API security solutions will automatically build and enforce a positive security model for all of your published APIs, while integrating with API gateways.
- DDoS Protection
Every second counts when mitigating DDoS (distributed denial-of-service) attacks. When an attack is deployed, every second you spend waiting to mitigate it will result in tremendous loss for your organisation, whether that’s through reputation or financial loss. Ensuring quick recovery is key for the longevity of your business.
Time to Mitigation (TTM) can vary widely among service providers, making it crucial for businesses to be aware of how protected they are against these attacks – especially when the state of their business depends on these recovery periods. Businesses must ensure they adopt the best practices to protect themselves from DDoS attacks, giving them the best mitigation guarantee that covers attacks of any size or duration – without exceptions.
- DDoS protection all the way to the edge
Protecting individual IP addresses with anti-DDoS services is also paramount to ensuring maximum security. This will speed up the response time, as each protection service is assigned to a particular IP and has less traffic to monitor as a result. Rather than treating your entire network as a single target with a single shield, protect the addresses of individual vulnerable services.
The significance of an effective edge protection programme is that customers with workloads hosted in the cloud can enjoy the same level of DDoS protection available for on-premises websites, networks, and domain name servers (DNS).
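The point made above, that a monitor scoped to a single IP has less traffic to watch and therefore reacts sooner, can be shown with numbers. The following is an added example, not part of the original article: the traffic volumes, the IP addresses (RFC 5737 documentation range), the ramp rate and the "2x learned baseline" alert rule are all constructed assumptions.

```python
# Added example with constructed traffic: per-service vs whole-network
# volumetric detection. IPs are from the RFC 5737 documentation range.
from statistics import mean

BASELINE_RPS = {          # constructed steady-state requests/second per service IP
    "192.0.2.10": 5000,
    "192.0.2.11": 3000,
    "192.0.2.12": 1500,
    "192.0.2.13": 500,    # small service that gets attacked
}
ATTACK_IP, ATTACK_START, RAMP_RPS, DURATION = "192.0.2.13", 30, 400, 90


def build_traffic():
    """Return {ip: [rps at t=0..DURATION-1]} with a ramping flood on ATTACK_IP."""
    traffic = {}
    for ip, base in BASELINE_RPS.items():
        series = []
        for t in range(DURATION):
            rps = base + (t % 3 - 1) * base // 50      # +/-2% deterministic wobble
            if ip == ATTACK_IP and t >= ATTACK_START:
                rps += RAMP_RPS * (t - ATTACK_START + 1)
            series.append(rps)
        traffic[ip] = series
    return traffic


def first_alert(series, warmup=20, factor=2.0):
    """Learn a baseline from the warm-up window; return the first second above factor x baseline."""
    threshold = factor * mean(series[:warmup])
    for t in range(warmup, len(series)):
        if series[t] > threshold:
            return t
    return None


def detection_delays():
    """Seconds from attack start to alert: (per-IP monitor, whole-network monitor)."""
    traffic = build_traffic()
    aggregate = [sum(col) for col in zip(*traffic.values())]
    per_ip = first_alert(traffic[ATTACK_IP])
    network = first_alert(aggregate)
    return per_ip - ATTACK_START, network - ATTACK_START


if __name__ == "__main__":
    per_ip, network = detection_delays()
    print(f"per-IP monitor alerted after {per_ip}s, whole-network monitor after {network}s")
```

With the same alert rule, the flood has to grow past the combined baseline of every service before the whole-network monitor notices it, while the per-IP monitor only has to see it exceed one small service's baseline.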
Time is of the essence
A rapid response is crucial to reducing the impact of DDoS attacks – but that’s only possible if you can recognise when malicious requests are coming into your servers.
Achieving that split-second identification is far from easy, however. For that reason, rather than relying on on-demand protection, which requires ongoing detection of malicious requests, organisations should shift their focus towards an always-on service – a system which mitigates attacks immediately and automatically, without manual intervention.