For the first time in 28 years, the England team are through to the semi-finals of the World Cup. As all eyes turn to the pitch for the next match, hackers will be booting up the botnets ready to take on the excitable businesses who are increasingly giving away the ball on app protection and data security.
The EU General Data Protection Regulation (GDPR) – the cyberspace equivalent of the omnipresent Video Assisted Referee – will also be making its presence felt this Summer. The penalty for a breach is 2 per cent to 4 per cent of global turnover or €10 to 20 million, whichever is the bigger hit. The GDPR supervisory body can also flash the proverbial red card by immediately suspending all data processing if the risk to an EU citizen’s privacy is deemed unacceptable.
According to the Ponemon Institute’s 12th annual Cost of Data Breach study, the global average cost of a data breach currently stands at $3.62 million. The ongoing reputational costs are harder to quantify, so it’s not worth being sent off over compliance complacency. Like any competition, every company must now train hard and be ready to take a stand against cybercrime with the goal of protecting data.
Bots take to the field
Football is a game of two halves, and so too is the Internet. Recent research by F5 Labs suggests that half of the Internet’s traffic comes from bots, 30 per cent of which are malicious. Most bots search for vulnerabilities, scrape websites or participate in DDoS attacks. They can speed up password-guessing to break into online accounts, mine cryptocurrency such as Bitcoin, and attack anything requiring a large network of computers.
Most botnet based attacks are designed for disruption and exploitation. Typical attacks include the creation of Spam email relays and Denial of Service (DoS) activities designed to prevent access to websites. Another concern flagged by F5 Labs is the inexorable rise of Thingbots: botnets which are built exclusively from IoT devices and are fast becoming the cyberweapon delivery system of choice for today’s attackers due to their poor security and ease of compromise.
Weaponised botnets, such as Mirai and Reaper, are on the rise, with Symantec recently revealing botnet operators are actually fighting over the same pool of devices, identifying and removing malware belonging to other botnets. Now is the time for businesses to look beyond logins and passwords and embrace cutting-edge techniques and integrated solutions that are both simple to use and can bolster security.
Year over year (2016-2017), F5 Labs found that Telnet brute force attacks against IoT devices rose 249 per cent. Moving ahead, IoT’s destructive arsenal is set to explode in scale. Gartner recently reported that there are 8.4 billion IoT devices in use and the number is expected to grow to 20.4 billion by 2020. Botnet risks rise significantly when moving to multi-cloud environments as many businesses are now doing out of operational necessity. In particular, many cloud consumers assume that security is inherently better in the cloud and do not realise the same vulnerabilities that plagued them in their datacentre are just as present in the cloud. Cybercriminals are also now equipped to take attacks to a new level using automation and intelligent decision trees to exploit proven vulnerabilities.
Tackling advanced app security
A threat defence is only effective if it safeguards sensitive data. Visibility is fundamental to understanding normal application behaviour, detecting anomalous traffic and being able to report data breaches to the relevant data protection authorities. Visibility means having insight into all traffic that passes between users and applications. It is essential that security systems understand the application, the protocols and can see into encrypted traffic. Context is equally important and the key to understanding the characteristics of an application’s environment, including behavioural insights that enable rapid adaptation where required. Incisive visibility and context are crucial to informing decision-makers, which means that robust security controls can be implemented to protect your apps and data.
One of the best first lines of defence in the game is a web application firewall (WAF). F5’s 2018 State of Application Delivery (SOAD) report revealed that 98 per cent of surveyed customers protect at least some part of their application portfolio with a WAF. More than 40 per cent protect half or more of their apps.
Web application security can be time-consuming and costly, especially when it comes to developing and maintaining comprehensive web security controls. Security efficiency and ease of management are the most critical requirements for a modern WAF, which needs to be easily deployed wherever the applications live (i.e. in the DMZ, close to the internal Web applications and services, in the cloud). It needs advanced detection capabilities to block zero-day attacks without generating false positives.
However, not all WAFs are capable of safeguarding against the full scope of today’s hyperactive threat spectrum. This is where Advanced WAF (AWAF) comes in. AWAFs make it possible to achieve better business intelligence by differentiating automated bot activity from real human engagements. It also enables businesses to leverage valuable threat behaviour analysis. Application threats, in particular, are on the rise as organisations transition workloads to the cloud and encounter new levels of infrastructural and operational complexity.
Crucially, AWAFs provide powerful defensive capabilities against malicious bots going beyond signatures and reputation to block evolving automated attacks, prevent account takeovers (with encryption at the application layer), and protect apps from DoS attacks (using machine learning and behavioural analytics for high accuracy). Comprehensive protection from mobile attacks is also provided through Anti-Bot Mobile SDK rich security services, including application whitelisting (i.e. index of approved software), secure cookie validation, and advanced app hardening.
Blowing the whistle on cybercrime
Organisations need to prove they are responsible data custodians. Security and transparency are now essential attributes for customer service. It’s time to blow the whistle on cybercrime.
Investing in integrated security solutions protects what matters: your applications. The net result is that data are protected, the business upholds compliance standards and your customers remain enthusiastic, loyal fans – a world class winning combination.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.