Cybersecurity Lessons Learned in 2015
The year 2015 has proved to be a milestone in cybersecurity. Not just because of the big data breaches and security lapses with names like Sony, WTO, Ashley Madison, and TalkTalk, but also for the lessons that we have learned. We already know that breached companies were underplaying on security, and were taking web application loopholes lightly. What else was in the year that we can take in 2016?
1. Distributed denial-of-service (DDoS) is on the rise.
A little while ago, when we launched our first webinar meet with Tata Consultancy Services (TCS) and Amazon Web Services (AWS), application layer DDoS was a huge part of the discussion. We have figured that most companies face this grave issue of fake traffic deluge that eventually crashes their server and can’t do much about it.
This year alone, DDoS attacks have grown more than 132% with 20% of such attacks lasting for days and even months. While other cyber-attacks on web applications can be analyzed and patched proactively, app DDoS need constant traffic monitoring, which most companies find it difficult to invest in. Moreover, with zombie bot attacks available for hire for less than $5, anyone from a disgruntled employee to competitors can cause severe business reputation and financial damage.
Moving forward, DDoS issues are only going to get severe in the coming months until handled with smart monitoring and proactive blocking before any performance damages to the website. Take a look at Total Application Security and WAF DDoS blocking to find out how such attacks are stopped.
2. Ransom and blackmailing have emerged as ugly cyberattack faces.
If you thought that attackers are only interested in silently stealing your money or selling your database, there is a lot more to worry about. In 2015, ransomware and application attacks to hold companies against ransom have increased tremendously. What’s shocking is that these attacks have higher success ratios as nothing is more precious to breached companies than their data and admin access.
This October when the TalkTalk database was breached, the company received a ransom demand from a group or individual that claimed the responsibility. They demanded approximately £80K in Bitcoins. However, TalkTalk refused to provide any data on who this group/individual was.
In fact, even IT professionals think that ransomware is the biggest cybersecurity problem and should be addressed quickly. In a recent survey conducted by IT professional network Spiceworks, 88% of the respondents had concerns with the threat.
3. Startups are easy targets for attackers.
The world is getting more and more technology-driven. In order to succeed, the new-age businesses have to digitalize everything from transactions to record keeping. While large organizations have the resources to secure such an infrastructure, startups often fall short of it. This year, data breaches proved to be the Achilles’ Heel for startups like some of the renowned online taxi services and song portals.
It’s not that hackers are looking only to dupe transactional process, in fact, they are highly interested in digital records too. The digitalized records sell in the black market from anywhere around $50 to $150. Now you know what these people have earned by stealing millions of records with simple SQL Injection and XSS vulnerabilities. The vulnerabilities could easily have been detected with Web Application Scanning.
4. Application security is mainstream.
The year 2015 saw breaches happening at every level. No company- big or small is immune to such attacks unless it takes cybersecurity seriously. With web applications playing a crucial role in financial transactions, logins, and communications, it will be consequential for security professionals and business decision-makers to ask the right questions. Can they lose data? Can they afford to lose data? Can data breaches be avoided? Can they hire and manage the cybersecurity team or outsource it?
Data, customer trust, and business reputation go hand in hand. If you separate one thing from the other, the whole digital structure will go to tumble down. Therefore whatever security program you use, it is elemental to target Total Application Security. Weaknesses that hackers can use should be found continuously, attack attempts should be identified and blocked, and traffic should be monitored to learn about new attack techniques and to improve security without affecting business.