British companies at risk of becoming cyber-dominoes

The ISP and hosting sectors were the most targeted industries of cyber-crime in 2014, and the trend is likely to continue in 2015. That’s according to Radware, a leading provider of application delivery and application security solutions for virtual and cloud data centres. The findings from its fourth annual ‘Global application and security report’, which surveys 330 companies globally* on cyber attacks on networks and applications, act as a strong warning to companies that depend on a hosting provider or ISP to ensure they do not become a ‘cyber-domino’ as a result of the security failings of their suppliers.

Ring of Fire: As part of the report, Radware publishes a ‘Ring of Fire’, which tracks cyber attacks and predicts the likelihood of attack on major industries. In the last 12 months, ISPs have moved up the risk rankings to become some of the most at-risk companies, joining the gambling sector and government at the centre of the ‘Ring of Fire’. Hosting companies have jumped from ‘low risk’ on the outside of the ring to just outside the ‘high risk’ centre.

Adrian Crawley, UK & Ireland regional director for Radware, says: “The news presents a stark reality for thousands of British businesses that rely heavily on ISP and hosting provision to host their website and network operations. If companies fail to ensure their network security planning includes that of their ISP and hosting partners then there’s no doubt that 2015 will see a great number of ‘cyber-dominoes’ fall.”

He continues: “The good news is that we know from conversations with CIOs of ISPs and hosting providers that they understand the risks and want to put in place robust solutions. Many of them agree that this is a three step process comprising hybrid solutions that protect them from the very complex and sustained attacks on application networks, collaboration with suppliers and customers, and using expertise from the security industry.”

Figure 1. Radware Global Application and Security Report, Ring of Fire
The report also shows that 19% of companies admit they are under constant cyber attack, three times as many as last year, yet 52% reveal they can effectively fight an around-the-clock campaign for only a day or less. The pressure this puts companies under has prompted boardrooms to take the threat of attacks more seriously. Three quarters of respondents said it is now a hot topic in the boardroom as reputation and revenue implications are better understood.

Carl Herberger, vice president of security solutions at Radware adds: “When interviewed, IT and network directors suggested that the shift in boardroom attitudes is not only helping them to raise the issues related to managing existing infrastructure but also the implications of embracing new trends such as bring your own device, the move to the cloud, and the Internet of Things (IoT).”

Carl continues: “The Internet of Things will be one of the greatest challenges for CIOs in the coming five years because of the prevalence of reflective attacks, where hackers use legitimate routes into the network to hide their identity and mask activity. For example, in anecdotal research, the healthcare industry was pre-occupied by the threat of death - it’s a scary thought to consider the possibility that life support machines or pace makers could be taken over and shut down by hacktivists using legitimate routes to get in.

In support of this finding, more than half (52%) reported changing security processes, protocols and/or mandates, and almost half (48%) of companies will employ hybrid protection of on-premise and cloud solutions that fight back on multiple levels.

The report has also revealed that the drivers for attacks are not clear. 70% of brands generally have no idea of the motive of the attack, though 15% say they have experienced ransom attacks, and 35% a politically motivated one, reflecting the growing enthusiasm to exploit geo-political events in the world – the conflict in the Ukraine being a notable example this year.