14 DAY TRIAL // The cyberattacks launched recently by hackers are difficult to contain and imply high costs to companies that want to protect their infrastructures against them, shows a recent report released by F5 Networks.
Eweek informs us that organizations are struggling hard to defend themselves against four of the five most common types of hacking operations.
The survey found that DNS poisoning attacks are considered by businesses to be the most problematic, the traditional defence mechanisms deployed being in many cases useless against these hits.
Denial of service, cross-site scripting, SQL injections, cross-site request forgery and directory traversal attacks that target organizations are in most cases successful due to the lack of preparation and necessary resources.
The figures show that 38% of responders admitted that the classic defensive methods are not that efficient against complex, blended threats, while 53% believe that these safeguarding measures also affect network performance to some point.
Since threats are constantly evolving, companies have a hard time keeping up with the latest protection developments, this resulting in a lot of exposed segments of their infrastructure.
About 42% stated that their firewall failed when their networks were hit by a network-layer denial-of-service attack in the past year. In 36% of cases the firewall failed during an application-level denial-of-service operation.
Losses that include customer trust, fines, data theft and revenue loss cost organizations, in average, the sum of $682,000 (477,000 EUR) in the past 12 months.
Application delivery controllers (ADCs) are considered by most of the participants in the survey as an efficient alternative to traditional products, while 74% already use these controllers for application security and access control. The survey found that 64% rely on ADCs for traffic-inspection-based protection.
Alan Murphy, the senior technical marketing manager for F5 Networks, revealed that in order for a firm to properly understand network traffic, they need to permanently be aware of who is accessing their infrastructure and data, and from where.