According to a new survey from Telia Carrier, almost half (45%) of business leaders claim that their company has experienced more network security incidents as a result of the COVID-19 pandemic. The research, entitled 'Enterprise Network Security 2021: A Post-Pandemic Threat Landscape Report' was conducted in the US, the UK, Germany and France and provides insights into current corporate security concerns at the top of business.
Geographically speaking, 55 per cent of US and 49 per cent of UK respondents have experienced the most severe impact to their network security due to these attacks (suggesting that their businesses are more of a target than those in continental Europe) which, in turn, has resulted in a clear majority of respondents (60%) increasing their investment in this area.
A sizeable 68 per cent of leaders said their company has experienced a DDoS attack in the last 12 months with the UK (76%) and the US (73%) experiencing a significantly higher proportion compared to 59 per cent of their German and 56 per cent French counterparts. Additionally, over half of the leaders who participated in the survey confirmed that they specifically experienced a DDoS ransom or extortion attack in that time, with a large number of them (65%) targeted at UK companies, compared with the relatively low number in France (38%).
"Due to the sensitive nature of these incidents, the survey didn't ascertain the extent to which cybercriminals were successful in extorting money from enterprises, but the results do highlight the seriousness of the problem and that there is a financial motive behind many DDoS attacks," says Mattias Fridström, Chief Evangelist at Telia Carrier. "The findings also clearly suggest that UK businesses are being specifically targeted and that the heightened fears of US and UK businesses are justified."
COVID-19 has also had an impact on the sense of vulnerability among business leaders, with 51 per cent of them feeling more vulnerable to cyber attacks since the pandemic. In keeping with the other trends identified, the US and UK again appear to feel the most vulnerable.
The impact of these DDoS attacks has been dramatic for some, with 11 per cent of respondents saying that such an attack has posed a threat so serious that it could have undermined business continuity. A further 40 per cent said that such an attack had a major impact, resulting in significant disruption and loss of business revenues. The countries most severely impacted were the UK (43%) followed closely by the US (39%), with organisations within the financial service and IT service sectors suffering the most.
Security Pain Points
Startlingly, 78 per cent of leaders revealed that they responded to up to 100 network security incidents in the last 12 months. The figures were highest in the UK and US.
As for the nature of the cyber threats faced, it is no surprise to find that phishing (where victims are contacted by fraudsters via phone, email or text message and lured into divulging sensitive information) is regarded by many leaders (56%) as the main cyber threat to their business. What is more telling, perhaps, is the fact that almost as many (49%) view DDoS attacks at the same level.
Commenting on these findings, Fridström says: "A comprehensive security solution for enterprises consists of several components, where network security is only one part. However, the network is probably the most vulnerable part of the security stack because of its inherent exposure to the outside world – often across long distances. When it fails, so do all the systems and workflows that depend upon it. It comes as no surprise, when you look at these findings, to know that network security is also by far the biggest security cost for business with 42 per cent of leaders citing it as their greatest security outlay."
To counteract the network security threats, nearly half (45%) of leaders currently mitigate DDoS attacks by using ISP/network provider DDoS protection. A significant number have their own in-house mitigation/scrubbing capabilities (34%). Cloud-based solutions are utilised by less than a fifth, while a small but worrying three in 100 businesses don't mitigate at all.
When asked about their familiarity with network service providers' DDoS protection services, more than half (53%) of respondents said that they do not consider themselves to be familiar with the DDoS protection services offered by network service providers. Leaders in the US displayed the highest level of familiarity, while those in France had the lowest.
"Enterprises need to evaluate potential security threats throughout their entire ICT ecosystem if they are to successfully face down the ever-increasing severity and unpredictability of evolving threats in an increasingly digitalised and distributed business environment. They will need to act on the lessons learned from the COVID-19 pandemic and scale their security programmes with sufficient headroom to protect their business from future, and as yet unforeseen, threats," concludes Fridström.
Research was carried out online in February-March 2021, with 418 industry representatives in the US, the UK, Germany and France, on behalf of Telia Carrier by Savanta, a global digital data collection company. Participants in the survey came from a range of industries including IT services, banking, manufacturing/engineering and finance/financial services. All worked for enterprises of more than 4,000 people. All respondents were involved in decision-making regarding their company's network security and development strategy.