Last month’s Info Security Europe was a great opportunity to talk to fellow security experts and businesses alike. It’s unsurprising that both BYOD (Bring Your Own Device) and DDoS (Distributed Denial of Service) remain high on most business agendas.
We were there, and a majority of the visitors to our stand wanted to specifically talk BYOD and DDoS solutions. It seems that many have reached a tipping point where the threats can no longer be ignored.
In fact, in a survey of 120 attendees we ran at the event, we found that BYOD tops the challenges that IT leaders are facing when trying to secure their networks and devices. Some 87 per cent highlighted that it is more difficult to secure businesses from the threat of cyber-attacks, with almost one in four citing BYOD as the largest contributing factor to increased vulnerability in their organisations.
This may be surprising to many. The talk surrounding BYOD certainly seems to have been going on for years. Businesses of all sizes, however, are discovering that they must navigate the murky waters of managing new devices on their networks and putting the right levels of authentication in place to enable entire workforces, without putting too many restrictions on access. It’s certainly true that the introduction of smartphones, laptops and tablets to the workplace has been a huge element in enabling mobile working. It has also come with its fair share of threats to business.
Anyone looking to implement a BYOD solution should first understand the user-base and their needs: what types of device are they using” Where are they accessing information from” What type of data they are accessing remotely” Once you understand the workforce, it’s easier to map a solution to ensure the right levels of authentication to protect the network and ensure the best possible end-user experience.
Alongside BYOD concerns, an alarming number of respondents admitted to a worrying lack of knowledge about the latest DDoS threats. Only ten per cent of the security professionals we surveyed could accurately describe how DNS reflection attacks work. This is despite the coverage of this type of attack following the now infamous Spamhaus attack. Just 11 per cent were completely confident that the day-to-day operations of their business would not be disrupted should they be hit by such an attack.
These are strikingly low numbers given the amount of attention that Spamhaus and DDoS have received over recent months. The message about the risks finally seems to be getting through. Less than a quarter of respondents highlighted reputational damage as their main concern about potential DDoS attacks. Only 20 per cent worried about the impact on customers and 16 per cent on data loss. More than one in ten respondents picked out revenue loss as one of their top three DDoS fears. So, what can businesses do to protect themselves?
It’s crucial that we get on the front foot when it comes to tackling cyber-crime and consumer devices in the workplace to try to limit the damage. The results speak for themselves. Businesses need to take note and prioritise security or run the risk of allowing cyber criminals to access data through a BYOD backdoor or hacktivists to knock them offline with DDoS attacks.
Success is in the detail. It’s not a case of buying DDoS or BYOD solutions just to tick a box, it’s about establishing what your organisation needs and how you can better support your employees. If you keep that focus in mind, you won’t go far wrong.
Joakim Sundberg is a Worldwide Security Solution Architect for F5 Networks.