Nearly half of businesses report that they were the subject of a cyber-ransom campaign in 2016, according to Radware's Global Application and Network Security Report 2016-2017.
Data loss topped the list of IT professionals' cyber attack concerns, the report found, with 27% of tech leaders reporting this as their greatest worry. It was followed by service outage (19%), reputation loss (16%), and customer or partner loss (9%).
Malware or bot attacks hit half of all organizations surveyed in the last year. One reason for the pervasive attacks? The Internet of Things (IoT). Some 55% of respondents reported that IoT ecosystems had complicated their cybersecurity detection measures, as they create more vulnerabilities.
Ransomware attacks in particular continue to increase rapidly: 41% of respondents reported that ransom was the top motivator behind the cyber attacks they experienced in 2016. Meanwhile, 27% of respondents cited insider threats, 26% said political hacktivism, and 26% said competition.
While large-scale DDoS attacks dominated the headlines of 2016, this report found that only 4% of all attacks were more than 50 Gbps, while more than 83% of DDoS attacks reported were under 1 Gbps.
"One thing is clear: Money is the top motivator in the threat landscape today," said Carl Herberger, vice president of security solutions at Radware, in a press release. "Attackers employ an ever-increasing number of tactics to steal valuable information, from ransom attacks that can lock up a company's data, to DDoS attacks that act as a smoke screen for information theft, to direct brute force or injection attacks that grant direct access to internal data."
Despite the growth in attacks, some 40% of organizations reported that they do not have an incident response plan in place, the survey found.
The report listed five cybersecurity predictions for 2017:
1. IoT will become an even larger risk. The Mirai IoT Botnet code is available to the public, making it more likely that cyber criminals of all experience levels are already strengthening their capabilities. "In 2017, exponentially more devices are expected to become targeted and enslaved into IoT botnets," the press release stated. "IoT device manufacturers will have to face the issue of securing their devices before they are brought to market, as botnet attacks from these devices can generate large-scale attacks that easily exceed 1 Tbps."
2. Ransomware attacks will continue to grow. These attacks will target phones, laptops, and company computers, and will likely take aim at healthcare devices such as defibrillators in the future, the press release stated.
3. Permanent Denial of Service (PDoS) attacks on data centers and IoT operations will rise. PDoS attacks, sometimes called "phlashing," damage a system to the degree that it requires hardware replacement or reinstallation. These attacks are not new, but Radware predicts they are likely to become more pervasive in 2017 with the plethora of personal devices on the market.
4. Telephony DoS (TDoS) will become more sophisticated. These attacks, which cut off communications in a crisis, "could impede first responders' situational awareness, exacerbate suffering and pain, and potentially increase loss of life," the press release stated.
5. Public transportation system attacks will rise. As cars, trains, and planes become more automated, they also become more vulnerable to hackers, Radware stated.
You help your business avoid ransomware attacks and other cyber threats by keeping software up to date, backing up all information every day to a secure, offsite location, segmenting your network, performing penetration testing, and training staff on cyber security practices.
- Massive ransomware attack takes out 27,000 MongoDB servers (TechRepublic)
- Ransomware's next target: Your car and your home (ZDNet)
- 2017 cybercrime trends: Expect a fresh wave of ransomware and IoT hacks (TechRepublic)
- Locky ransomware: How this malware menace evolved in just 12 months (ZDNet)
- Cyberwar: The smart person's guide (TechRepublic)
Alison DeNisco Rayome is a Staff Writer for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.