Get a free application, infrastructure and malware scan report - Scan Your Website Now

Subscribe to our Newsletter
Try AppTrana WAAP (WAF)

Cybersecurity Lessons Learned in 2015

Posted DateNovember 26, 2015
Posted Time 3   min Read

The year 2015 has proved to be a milestone in cybersecurity. Not just because of the big data breaches and security lapses with names like Sony, WTO, Ashley Madison, and TalkTalk, but also for the lessons that we have learned. We already know that breached companies were underplaying on security, and were taking web application loopholes lightly. What else was in the year that we can take in 2016?

1. Distributed denial-of-service (DDoS) is on the rise.

A little while ago, when we launched our first webinar meet with Tata Consultancy Services (TCS) and Amazon Web Services (AWS), application layer DDoS was a huge part of the discussion. We have figured that most companies face this grave issue of fake traffic deluge that eventually crashes their server and can’t do much about it.

This year alone, DDoS attacks have grown more than 132% with 20% of such attacks lasting for days and even months. While other cyber-attacks on web applications can be analyzed and patched proactively, app DDoS need constant traffic monitoring, which most companies find it difficult to invest in. Moreover, with zombie bot attacks available for hire for less than $5, anyone from a disgruntled employee to competitors can cause severe business reputation and financial damage.

Moving forward, DDoS issues are only going to get severe in the coming months until handled with smart monitoring and proactive blocking before any performance damages to the website. Take a look at Total Application Security and WAF DDoS blocking to find out how such attacks are stopped.

2. Ransom and blackmailing have emerged as ugly cyberattack faces.

If you thought that attackers are only interested in silently stealing your money or selling your database, there is a lot more to worry about. In 2015, ransomware and application attacks to hold companies against ransom have increased tremendously. What’s shocking is that these attacks have higher success ratios as nothing is more precious to breached companies than their data and admin access.

This October when the TalkTalk database was breached, the company received a ransom demand from a group or individual that claimed the responsibility. They demanded approximately £80K in Bitcoins. However, TalkTalk refused to provide any data on who this group/individual was.

In fact, even IT professionals think that ransomware is the biggest cybersecurity problem and should be addressed quickly. In a recent survey conducted by IT professional network Spiceworks, 88% of the respondents had concerns with the threat.

3. Startups are easy targets for attackers.

The world is getting more and more technology-driven. In order to succeed, the new-age businesses have to digitalize everything from transactions to record keeping. While large organizations have the resources to secure such an infrastructure, startups often fall short of it. This year, data breaches proved to be the Achilles’ Heel for startups like some of the renowned online taxi services and song portals.

It’s not that hackers are looking only to dupe transactional process, in fact, they are highly interested in digital records too. The digitalized records sell in the black market from anywhere around $50 to $150. Now you know what these people have earned by stealing millions of records with simple SQL Injection and XSS vulnerabilities. The vulnerabilities could easily have been detected with Web Application Scanning.

4. Application security is mainstream.

The year 2015 saw breaches happening at every level. No company- big or small is immune to such attacks unless it takes cybersecurity seriously. With web applications playing a crucial role in financial transactions, logins, and communications, it will be consequential for security professionals and business decision-makers to ask the right questions. Can they lose data? Can they afford to lose data? Can data breaches be avoided? Can they hire and manage the cybersecurity team or outsource it?

Data, customer trust, and business reputation go hand in hand. If you separate one thing from the other, the whole digital structure will go to tumble down. Therefore whatever security program you use, it is elemental to target Total Application Security. Weaknesses that hackers can use should be found continuously, attack attempts should be identified and blocked, and traffic should be monitored to learn about new attack techniques and to improve security without affecting business.

web application security banner

Venkatesh Sundar

Venky is an Application Security technologist who built the new age Web application Scanner and Cloud WAF - AppTrana at Indusface as a Founding CTO. Currently, he spends his time on driving Product Roadmap, Customer Success, Growth, and technology adoption for US businesses.

Share Article:

Join 47000+ Security Leaders

Get weekly tips on blocking ransomware, DDoS and bot attacks and Zero-day threats.

We're committed to your privacy. indusface uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Related Posts

Application Security Checklist
The Comprehensive Web Application Security Checklist [with 15 Best Practices]

Secure your web apps effectively with this comprehensive web application security checklist. Mitigate all risks and bolster your application’s defense.

Read More
Cloud AppSec Measures
10 Ways to Implement AppSec Measures for Your Cloud Ecosystem

Secure your cloud ecosystem with these 10 AppSec measures. Learn how to implement robust security measures to protect your data

Read More
Application Security: How Prevention Beats Remediation?

More sophisticated attacks and threat vectors are targeting businesses today. Learn how prevention beats remediation for application security.

Read More

AppTrana

Fully Managed SaaS-Based Web Application Security Solution

Get free access to Integrated Application Scanner, Web Application Firewall, DDoS & Bot Mitigation, and CDN for 14 days

Get Started for Free Request a Demo

Gartner

Indusface is the only cloud WAAP (WAF) vendor with 100% Customer Recommendation for 3 consecutive years.

A Customers’ Choice for 2022 and 2023 - Gartner® Peer Insights™

The reviews and ratings are in!