Security attacks on software services jumped in 2018, says NetScout

The average downtime cost of an attack was $221,836; Germany had the highest ($351,995) and Japan the lowest ($123,026). (iStockPhoto)

The percentage of software-as-a-service and third-party data center and cloud services that were attacked tripled between 2017 and 2018, according to NetScout's 14th Annual Worldwide Infrastructure Security Report, which was released this week.

NetScout based its research on a survey of its own customers, including network and security professionals and IT decisionmakers from enterprise and service providers around the world. The focus was on daily challenges from network-based threats and the steps taken to stop and mitigate them.

The number of attacks against SaaS services jumped from 13% in 2017 to 41% last year. Third-party data center and cloud attacks rose from 11% to 34% during the same time period, the report says.

Sponsored by Ribbon

Webinar: Identity Assurance – Restoring Your Customer’s Trust in the Phone

Learn about Ribbon Call TrustTM, an identity assurance solution that encompasses STIR/SHAKEN and on a per-call, real-time basis will: determine caller intent and identify bad actors from network and call data analytics; provide multi-dimensional reputation scoring using Machine Learning algorithms; and recommend optimal call validation treatment. And will do this for both IP and TDM phone calls. With Ribbon Call Trust™ you can defeat robocalls and fraud attacks, truly restoring your customer’s trust in the phone.

Pointing to the increased attacks against cloud-based infrastructure, 2018 saw the first distributed denial of service (DDoS) attack that reached the 1 Tbps size. It was followed up, days later, by a 1.7 Tbps attack.

RELATED: Two-thirds of DDoS attacks take aim at communications service providers

The dynamics as well as the size of DDoS attacks are changing. While the number of attacks actually declined 4% globally (to a total of 6.13 million), the size and complexity increased. The maximum size of the attacks rose 273%, with 91% of respondents saying that the attack saturated their internet bandwidth.

Thirty-six percent experienced multivector DDoS attacks. And the attention that DDoS attackers are paying to cloud-based services is steadily rising—from 25% of attacks in 2016 to 33% in 2017 and 47% last year.

The good news is that the security ecosystem is responding.

"When the Worldwide Infrastructure Report (WISR) was launched 14 years ago, 10 Gbps attacks made headlines and took networks down," the report says. "Today, attacks 40 times that size are routinely mitigated with little to no disruption to online services."

An indirect indicator of the proactivity of the industry is that 94% of encrypted traffic was attacked in 2018, almost twice as much as the year before. The assumption is that attacks on better-protected data wouldn't be growing if attackers had easier targets. Though progress is steady, 92% of respondents want operational security processes simplified, with component and workflow integration topping the wish list.

The average downtime cost of an attack was $221,836; Germany had the highest ($351,995) and Japan the lowest ($123,026).

Suggested Articles

Employers used to give some workers a company phone; now they have the option to offer company internet.

CenturyLink is not a wireless company, but the company expects to be an important player in 5G and IoT.

Verizon Business’ Chief Product Officer Aamir Hussain said four categories of Verizon Business services are hot commodities during Covid.