Security on the Network: Protecting Non-sensitive Data

How and why enterprises need to reevaluate their cybersecurity strategies.

October 21, 2022

With more of their non-sensitive data traversing the public Internet, enterprises need global connectivity partners that provide comprehensive network protection, says Mattias Fridstrom, chief evangelist at Arelion.

The COVID pandemic has had a major impact on enterprise data storage and security. Businesses have become more vulnerable to cyberattacks as they have increasingly stored their non-sensitive applications in the cloud for enhanced flexibility and scalability. Arelion’s 2021 threat data shows that the pandemic drove a spike in network security incidents, with Distributed Denial-of-Service (DDoS) attack intensity mirroring COVID lockdowns. Our 2022 threat report shows that DDoS attack distribution evolved in 2021 as large-packet, infrequent DNS, and NTP amplification attacks replaced smaller SYN attacks as the most common attack vectors. This shift is likely due to the increased use of cloud-based services, which are more vulnerable to large-packet attacks.

In response, service providers are shifting toward automated prevention tools that stop dramatic, multi-vector DDoS attacks. These scalable, high-capacity tools block malicious traffic before it reaches an enterprise’s Internet connection. Solutions of this kind have never been more necessary, with peak traffic increasing 45% from 2020 to 2021 and attack intensity correlating with elevated traffic volumes. Attacks averaged between 35Gbps and 25Mbps per attack, and the average attack time increased by 10% to 11 minutes within a year. Multi-vector attacks and targeted extortion threats were the most prevalent. There are cybersecurity strategies enterprises can implement to keep cloud applications secure against evolving threat vectors and questions they should ask as they’re evaluating their cybersecurity strategy.

The Evolving Threat Landscape

This change in attack distribution shows that hackers are focusing on larger network infrastructures and exploiting higher available network capacity instead of simply congesting client links — especially as enterprises increasingly route their non-sensitive data over the public Internet. These findings show that enterprises are still struggling with DDoS mitigation as the public Internet becomes the preferred underlay for the non-sensitive data of cloud applications.

DDoS attack size is increasing despite decreasing attack frequency. Large-packet attacks with amplification yield high profits and will continue to grow as they remain profitable for criminals. Statistics show that 40% of business leaders experienced an attack resulting in significant disruption and loss of business revenues. While many service providers have had DDoS mitigation solutions for years, not all providers have the global reach needed to ensure that enterprise traffic will only traverse their network. This raises an important question: what operational changes can enterprise IT decision-makers implement to ensure their traffic is safe as it travels the public Internet? 

These reports prove that enterprises need a comprehensive network security strategy backed by partnerships with connectivity providers with a global footprint. By focusing on endpoint security and partnering with local providers, enterprises leave themselves more vulnerable to large-packet attacks with amplification that cause significant financial losses and business disruptions.

Protecting Against DDoS Attacks

Enterprises do not have the protection offered by on-premises servers as their data travels the public Internet. Attack vulnerability only increases if enterprises rely on local providers for connectivity and DDoS mitigation. Enterprises have three connectivity options. They can 1) purchase business broadband from a local provider, 2) buy Dedicated Internet Access (DIA) from a local provider or 3) buy DIA from a global service provider. Business broadband typically offers higher speeds and lower latency than residential services but may be asymmetrical and struggle with the bandwidth demands of cloud and video services. DIA from a local provider offers higher speeds and more consistent latency than business broadband but may be more expensive. DIA from a global service provider offers the highest speeds and lowest latency but may be subject to network outages.

Enterprises should consider their needs for speed, reliability and security when choosing a connectivity option. DIA from a global service provider offers the best combination of performance and protection for most organizations. Enterprises are typically focused on endpoint security, with mounting industry hype around Secure Access Service Edge (SASE) and VPN alternatives. DDoS mitigation and Resource Public Key Infrastructure (RPKI) were once seen as bonuses, but they are becoming the first line of defense for security at the network layer. These are very important parts of comprehensive network security as enterprises experience increased extortion-based attacks with more reliance on remote systems, SD-WAN and cloud applications stored on the public Internet. 

Global Reach: An Essential Enterprise Consideration

As more of their non-sensitive data travels the public Internet, enterprises must understand the importance of choosing a global service provider with a high-capacity global network and a cybersecurity strategy featuring RPKI and DDoS mitigation. RPKI is a security framework that protects the Internet’s routing infrastructure and is made possible by automated validation of Border Gateway Protocol (BGP) announcements between public Internet networks. RPKI ensures enterprise traffic is not hijacked or redirected as it travels the public Internet.
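The automated validation of BGP announcements mentioned above comes down to a per-route decision defined in RFC 6811. The following Python is an added example, not code from the article or from Arelion; the VRP table, prefixes and AS numbers are constructed from documentation ranges, and the function names are hypothetical.

```python
# Added example: RFC 6811 route origin validation over constructed data.
from ipaddress import ip_network
from typing import NamedTuple


class VRP(NamedTuple):
    """Validated ROA Payload: the record an RPKI validator hands to a router."""
    prefix: str
    max_length: int
    asn: int


# Constructed VRPs: documentation prefixes (RFC 5737/3849) and ASNs (RFC 5398).
VRPS = [
    VRP("192.0.2.0/24", 24, 64496),
    VRP("198.51.100.0/24", 24, 64497),
    VRP("2001:db8::/32", 48, 64496),
]


def validate(prefix: str, origin_asn: int, vrps=VRPS) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one BGP announcement."""
    route = ip_network(prefix)
    covered = False
    for vrp in vrps:
        roa_net = ip_network(vrp.prefix)
        # A VRP covers the route if the route equals it or is a more-specific.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # A match needs the authorised origin AS and a length within maxLength.
        if vrp.asn == origin_asn and route.prefixlen <= vrp.max_length:
            return "valid"
    # Covered but unmatched means wrong origin or too specific: a likely
    # hijack or leak. No covering VRP means the holder published no ROA.
    return "invalid" if covered else "not-found"


def filter_announcements(announcements, vrps=VRPS):
    """Drop-invalid policy: accept valid and not-found routes, reject invalid."""
    return [(p, a) for p, a in announcements if validate(p, a, vrps) != "invalid"]


if __name__ == "__main__":
    # Constructed announcements: legitimate, wrong origin, too specific, no ROA.
    sample = [("192.0.2.0/24", 64496), ("192.0.2.0/24", 64511),
              ("192.0.2.128/25", 64496), ("203.0.113.0/24", 64500)]
    for p, a in sample:
        print(f"{p:18} AS{a}: {validate(p, a)}")
```

The too-specific case matters as much as the wrong-origin case: a more-specific announcement beyond maxLength is rejected even when it carries the authorised origin AS.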

Enterprises will benefit most from the precise host-level DDoS mitigation offered by a global provider that persistently innovates the network to future-proof against unprecedented network demands (such as the massive data consumption of the pandemic). With surgical scrubbing techniques, DDoS protection should detect and mitigate attacks automatically and offer 24/7/365 protection to address evolving attack vectors. 

DDoS mitigation must be high capacity, scalable to enterprise needs and must stop attacks before they reach an enterprise’s Internet connection. Host-level DDoS mitigation, strengthened by persistent network improvement and informed by an understanding of global IP markets, will empower enterprises with comprehensive network protection. Enterprises can ensure their business operations will not be disrupted for financial gain by partnering with a wholesale provider with a global reach and a proven track record powering a majority of global IP routes.

Protecting Non-sensitive Data through a Global Connectivity Partner

Malicious actors increased extortion-based attacks on enterprise systems during the pandemic as lockdowns caused increased use of cloud applications and non-sensitive data traversing the public Internet. Recent reports show that these attacks are only increasing in size, and their impact on business operations can be significant. Enterprises cannot find themselves in a situation where they are “keeping their fingers crossed” that they will not be targeted. 

The entire ICT ecosystem plays an important role in comprehensive protection as cyberattacks become more sophisticated. The most effective operational change enterprises can implement is choosing a service provider with a global footprint protected by host-level DDoS mitigation and RPKI services. The spike in traffic caused by the pandemic proved that comprehensive network security depends on the persistent innovation of the network itself to protect against evolving attack vectors.

Mattias Fridstrom
Mattias Fridstrom offers deep insights into the networked economy. He holds an MSc in Electrical Engineering from the University of Wollongong, Australia. In over 25 years he has worked in a number of senior roles within Telia Carrier (now Arelion) and most recently as CTO. He has been Arelion’s Chief Evangelist since July 2016.