Software-defined security emerging as significant trend in development of network security
Attacks on web applications rose by 800 per cent in the first six months of 2020 compared to the same period last year, according to a report from CDN and cloud security provider CDNetworks.
Over 4.2 billion web application attacks were blocked in H1, a figure that is eight times higher than the same period in 2019.
DDoS attack incidents saw a 147.63 per cent year-on-year growth. Also, on average, 660 bot attack incidents were blocked every second, a number that is nearly doubled from last year.
“These alarming statistics show that enterprises are experiencing challenging times in their attempts to defend against cyber-attacks and protect their online assets,” according to the report titled State of the Web Security for H1 2020.
New tactics
The global pandemic is causing hackers to target media, public services, education and other sites profiting from the COVID-19 pandemic, turning their attention away from the less visited sites related to hospitality, transportation and other travel-related businesses, according to the report.
In September, the federal government encouraged all members of the research community – including those in government, academia, and the private sector – to take extra precautions to protect the security of COVID-19 related research, intellectual property and knowledge development.
Hackers have also been attracted to e-government and digital public service systems due to the sensitive and valuable information they hold, and the report said that attacks against public sectors will continue with increasing virulence.
Also, more than one billion of the web attacks were targeted toward the public sector, which accounts for 26 per cent of total attacks. And hackers are now using machine learning to detect and crack vulnerabilities in networks and systems, especially with the growth of artificial intelligence within cybersecurity.
“The report makes it crystal clear that attacks are rising in all vectors and types year over year. As new web application methodologies, from network security to cloud security, expose new attack surfaces, the boundary of security protection continues to expand with them,” said the report. “As a result, today's APIs, micro-services, and serverless functions are all vulnerable to malformed requests, bot traffic, and DDoS attacks at both network and application layers.”
“Moreover, the evolution of 5G networks, edge computing, artificial intelligence (AI), and Internet of Things is rapidly forcing conventional security into the dustbin. In its place, software-defined security is emerging as a significant trend in the development of network security.”
The report noted that enterprises that have an online presence and care about compliance, user privacy, security and online availability “must act immediately to adopt a comprehensive website security suite that includes a web application firewall (WAF), bot management solution, and DDoS protection.”
“Intelligent confrontation will be the new battlefield for cloud security in the near future. To minimize your exposure window, the time has come to fundamentally rethink strategy and embrace a layered defense to gain a tactical edge and achieve superiority on the battlefield in both conventional conflicts and asymmetric cyber-warfare,” said the report.
How to protect workers?
Randstad recently shared tech-based solutions to keep at-home working setup secure:
- Set up two-factor authentication
- Regulate VPN use
- Avoid public networks
- Only use company security-approved devices
- Ask employees to secure their router
Recently, the federal government invested $160,000 in a Montreal-based engineering firm to develop a model that will help protect Canadian companies from cyber-attacks, providing security to the cyber systems that underpin Canada's energy infrastructure.
