WASHINGTON, July 20, 2013 — Based on client surveys, a report released this past week by a leading cybersecurity firm reveals some startlingly dismal numbers on the breadth and increasing scope of cyber attacks. The report was issued by Prolexic Technologies, a Florida-based technology provider of distributed denial of service protection services that is now a part of cloud platform giant Akamai.
Specifically, the report found a dramatic uptick in the frequency and significance of distributed denial of service (DDoS) attacks. A DDoS attack, in essence, seeks to overwhelm computer servers with illegitimate visit requests, rendering websites unviewable to legitimate visitors.
As the report notes,
“… the average packet-per-second (pps) rate reached 47.4 Mpps and the average bandwidth reached 49.24 Gbps based on data collected in Q2 2013,” adding, “These metrics, representing increases of 1,655 percent and 925 percent respectively compared to Q2 2012.”
“This quarter we logged increases for all major DDoS attack metrics, and some have been significant. DDoS attacks are getting bigger, stronger and longer,” said Stuart Scholly, president at Prolexic. “We believe this growth is being fueled by the increasing prevalence of compromised Joomla and WordPress web servers in increasingly large botnets.”
Published by KPMG, one of the largest professional services companies in the world, a May report entitled “Cyber threat intelligence and the lessons from law enforcement” paints a stark picture of private sector firms’ and organizations’ failure to properly understand the cybersecurity world. The result is a marked inability to address their significant vulnerability to such attacks.
KPMG notes, “As adversary sophistication increases, many organizations react when it is too late – the attack is underway. Few organizations have the capability to anticipate cyber threats and implement preventative strategies, despite prevention being more cost effective and customer focused.”
Essentially, a significant number of organizations have a fundamentally flawed (or ineffective) approach to cybersecurity. Such ill-equipped organizations need to heed the lessons learned by law enforcement and intelligence agencies that have been dealing with these types of threats for substantially longer periods of time and with greater focus.
According to KPMG, organizations need to stop playing catch-up and “create an intelligence-led mindset.” Following an initial shift in organizational thinking and threat perception, firms will need to migrate strategies to be built on “intelligence operating models” to achieve, “an intelligence-led decision-making process.”
The reality remains that cybersecurity requires a rigorous security mindset to fundamentally address the threats and vulnerabilities at their core. This kind of methodology is similar in many ways to the “OODA Loop,” a military operations strategic thinking protocol whose acronym stands for “Observe, Orient, Decide and Act.”
Until the reality of the new cybersecurity environment sinks in for private sector CIOs and IT professionals, including a substantial shift in the business management mindset, firms and organizations will remain susceptible to serious cybersecurity threats. In a world where myriad threats evolve as fast as technology itself, it is no longer possible to maintain a “business as usual” mindset. Constantly playing reactive catch-up when it comes to cybersecurity is and will remain a futile effort, the equivalent of combating threats with one arm tied behind one’s back.
Follow Tim’s updates on Twitter @CyberTimbo.
Prolexic, now a part of Akamai, is the world’s largest and most trusted distributed denial of service (DDoS) mitigation service provider. Prolexic successfully blocks the biggest and most complex DoS and DDoS denial of service attacks that often overwhelm other vendors.