New Report Reveals 65% of Organizations Experience Three DDoS Attacks a Year, But Majority are Unprepared to Mitigate Attacks
MAHWAH, N.J., November 13, 2012
Radware and Ponemon Institute Survey Finds IT Industry is at a Tipping Point in the Battle Against Cyber Criminals
Despite the increasing sophistication and severity of cyber attacks, a survey of more than 700 senior IT professionals reveals that organizations are surprisingly unarmed to deal with today's threat landscape. In a new report titled "Cyber Security on the Offense: A Study of IT Security Experts," the Ponemon Institute and Radware® (NASDAQ: RDWR), a leading provider of application delivery and application security solutions for virtual and cloud data centers, found that while 65 percent of organizations experienced an average of three distributed denial-of-service (DDoS) attacks in the past 12 months, fewer than half reported being vigilant in monitoring for attacks – much less putting into practice proactive and preventative measures to protect their organizations.
"The reality is that cyber threats are outpacing security professionals, leaving most organizations vulnerable and unprepared," said Avi Chesla, chief technology officer, Radware. "From hacktivists to cyber criminals, companies live under the constant threat of assaults that contribute to lost revenue and serious reputational damage. It's critical that organizations take immediate action after reading this report. IT managers have to advocate for a multi-layered approach that also takes into account countermeasures to prevent threats before they inflict significant damage."
Key findings from the report include:
Availability is the top cyber security priority for organizations today. Gone are the days when companies could concern themselves solely with data leakage and integrity-based attacks. Unlike the past few years, when many organizations focused on confidentiality and integrity-based attacks, respondents noted a major shift in their security objectives, ranking denial-of-service (DoS) and DDoS as two of the top three threats their organizations face today.
DDoS attacks cost companies 3.5 million dollars every year. Although respondents cited a lack of budget as one of the major impediments to shoring up cyber security, it's clear that organizations will pay a much higher price for their lack of preparedness. 65 percent reported experiencing an average of three DDoS attacks in the past 12 months, with an average downtime of 54 minutes per attack. With the cost of each minute of downtime amounting to as much as $100,000 - including lost traffic, diminished end-user productivity and lost revenues - it is no surprise that respondents ranked availability as their top cyber security priority.
63 percent rate their organization's offensive countermeasure capabilities as below average. While 60 percent say they want technology that slows down or even halts an attacker's computer, the majority of respondents give their organizations an average or below average rating when it comes to their ability to launch countermeasures. With 75 percent of organizations still relying on anti-virus and anti-malware to protect themselves from attacks, it's clear that the old adage, "the best defense is a good offense," is not being practiced by most firms.
Organizations are more vulnerable than ever before. With respondents ranking lack of system visibility (34 percent), mobile/remote employees (32 percent) and negligent insiders (31 percent) as their top three areas of greatest cyber security risk, it's clear that threats can come from a number of new sources including the Bring Your Own Device (BYOD) movement. Even more frightening, today's threats are multi-layered, targeting not only networks but the data and application levels as well.
"There is a frightening gap that exists between the increasing severity of cyber attacks and the level of preparedness that exists in the industry," said Larry Ponemon, chairman and founder of the Ponemon Institute. "The report's findings make clear that now is the time for organizations to begin making critical changes to their security approaches in order to stave off the potentially devastating costs associated with a lack of preparedness and adequate defenses."
To access a complete version of the report, please visit www.ddoswarriors.com, Radware's in-depth resource for information security professionals. In addition, Radware will host a webinar on November 14 to discuss the report's findings and provide actionable insights to help any organization properly mitigate attacks in an increasingly hostile threat landscape.
About Cyber Security on the Offense: A Study of IT Security Experts
The research for Cyber Security on the Offense: A Study of IT Security Experts was co-authored by the Ponemon Institute and Radware. The report surveyed 705 U.S.-based IT and IT security practitioners responsible for managing their organization's cyber security activities. 62 percent of the respondents surveyed were at the supervisor level or higher, with an average of more than 11 years of experience. 65 percent of respondents were from organizations with a global headcount of more than one thousand, and the primary industry segments for the report included financial services and the public sector as well as healthcare and pharmaceuticals. The survey consisted of 35 questions on respondents' perceptions of and experiences with their organization's cyber security infrastructure and the types of threats they now face.
In addition to the report's key findings, Cyber Security on the Offense includes:
- The top ranked negative consequences of cyber attacks
- Barriers to achieving a strong cyber security posture
- The technologies most favored by IT security professionals
- Top methods for performing counter techniques
- A comparison of attacks across the financial services, healthcare and public sectors
About the Ponemon Institute
The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.
Radware (NASDAQ: RDWR) is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware's solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down. For more information, please visit www.radware.com.
©2012 Radware, Ltd. All rights reserved. Radware and all other Radware product and service names are registered trademarks or trademarks of Radware in the U.S. and other countries.
All other trademarks and names are property of their respective owners.
This press release may contain statements concerning Radware's future prospects that are "forward-looking statements" under the Private Securities Litigation Reform Act of 1995. Statements preceded by, followed by, or that otherwise include the words "believes", "expects", "anticipates", "intends", "estimates", "plans", and similar expressions or future or conditional verbs such as "will", "should", "would", "may" and "could" are generally forward-looking in nature and not historical facts. These statements are based on current expectations and projections that involve a number of risks and uncertainties. There can be no assurance that future results will be achieved, and actual results could differ materially from forecasts and estimates. These risks and uncertainties, as well as others, are discussed in greater detail in Radware's Annual Report on Form 20-F and Radware's other filings with the Securities and Exchange Commission. Forward-looking statements speak only as of the date on which they are made and Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware's public filings are available from the Securities and Exchange Commission's website at www.sec.gov or may be obtained on Radware's website at www.radware.com