Recently the UK Office for National Statistics released its latest statistical bulletin for the Crime Survey for England and Wales: Year Ending September 2016. The survey covers all reported crime (6.2 million incidents) and whilst it shows no statistically significant change on the preceding report, there was some interesting data related to computer crime.
It is the first full year in which the report has looked at these crimes, and the experimental trial statistics show that there were 2 million Computer Misuse and 3.6 million Fraud Offences. Misuse offences are defined in the report under two categories which are of particular interest to businesses:
- Unauthorised access to personal information, including hacking
- Computer virus, malware or other incidents such as "DDoS" attacks aimed at online services
It will be interesting to see how the statistics change in the year ahead, but they are a stark reminder of the responsibilities we have in business to protect customers and their data. Securing your business is a war game: you run around with a target on your back (the business), trying to avoid arrows. The problem is more and more people are firing at you and the target keeps getting bigger. If you stop moving, you are done for! No matter how secure you think you are - complacency is not an option.
The game keeps on changing
The latest Akamai Q3 2016 State of the Internet / Security Report shows exactly how attackers are changing the frequency, method, size and targets of their attacks. If you've not already done so I recommend downloading the report, which gathers information from across the Akamai Platform.
Here are some of the key findings from the report:
- DDoS attacks in Q3 2016 increased 71% compared to those in the same period of 2015
- 138% increase in DDoS attacks over 100Gbps compared with the same quarter in 2015
- Even in just one quarter there has been a 58% increase in attacks of more than 100Gbps
- Attackers are also changing the way in which they attack sites:
  - An increase in large (>100Gbps) Layer-7 floods hitting application layers
  - DNS reflection attacks are on the increase and, along with UDP fragments, persist as the largest portion of DDoS attack traffic seen across our routed network
  - Generic Routing Encapsulation (GRE) protocol flooding attack traffic is something we expect to increase in popularity, given its role in recent attacks
- The arrival of the Mirai botnet set a new high-water mark for attacks observed by the Akamai Platform, measuring 623Gbps and 555Gbps
- You may have thought SQL injection attacks were a thing of the past, but we saw a 21% increase in the report, whilst web application attacks declined 19%
Whilst we see attacks hit a wide range of verticals, it is interesting that we see a relationship between sectors and attack methods, because attackers have such a wide range of tools available. Distributed denial of service (DDoS) attacks are often used to target gaming companies, whereas Retail and Financial Services are the top two sectors where Web Application attacks are employed.
You can't protect data until the foundations are right
It is important that we keep reminding ourselves how important security is - however obvious it seems! Reports, such as that from the ONS, highlight the impact cybercrime has on all of us in our personal and professional lives.
Before we can reliably secure the data that leads to these crimes, we must have the technology in place to protect against the huge DDoS attacks that will become increasingly prevalent, something that can only be economically and technologically achieved through cloud-based security solutions, such as those provided by Akamai. But beyond this, companies must also work to ensure the availability of services, by protecting three key aspects of their technology estate:
- Web applications and customer gateways - Where customers and partners have access to applications, web services or other gateways into the business, ensuring they can be delivered across the globe quickly, securely and reliably is paramount. One of the biggest challenges with this is having the right level of redundancy and isolation from other services.
- DNS services - DNS infrastructure is often under-deployed in organisations, despite its importance to website and application performance. Given the number of attacks that now focus on DNS services, two or three just isn't enough; it will leave you vulnerable to data centre outages as well as DDoS attacks. Ensure your DNS infrastructure and cloud services are configured to give you the 24/7 availability, resilience and performance needed under the highest load conditions.
- Infrastructure - This is the platform that supports the entire organisation, consisting of routers, firewalls, load balancers, etc. It is the third, and arguably most important, part of any organisation's estate that needs securing from DDoS attacks. Attackers will scan and study an organisation's infrastructure looking for vulnerable areas to exploit.
We'll certainly revisit these topics as part of future blogs, but to come back to the opening point, computer misuse is nationally recognised in crime statistics, and whilst to some it's a surprise it didn't happen sooner, over the coming years we all have a role in keeping those figures as low as possible.