Perhaps the staffs of professional hacking organizations are getting leaner like in treasury: a new study shows that automation is becoming an ever larger part of hacking as thieves employ more “bots.” According to a new report from cybersecurity services provider Radware, 2016 should see the pace quicken for cyberattacks as hackers enlist bad bots to deny service or find other ways to disrupt business.
The company notes in its Global Application and Network Security Report 2015-2016 that the age of the “Internet of Zombies” as arrived with half of all businesses seeing “burst bot” attacks, which Radware characterizes as “short but intensive form of automated attack.”
“In the last year, over 90% of companies surveyed experienced a cyberattack,” Radware says in its report. And “half of all businesses attacked said they had experienced burst bot attacks … up from 27% in 2014.” In 2016 they expect these bot attacks to be the fastest growing form of attack.
One way to fight off the increase in the bad bot attacks is to unleash “good bots,” which Radware is encouraging the financial sector to do as quickly as possible. For the financial sector as a whole, 69% think attacks will most likely be “from professional gangs, which correlates with a rise in bitcoin ransom attacks in this sector, standing at 27% in 2015.” However, like in the corporate space, banks say the most likely source of an attack is from people inside the company.
Within The NeuGroup universe of peer groups, the most common type of attack is from someone impersonating an authorized company employee or a legitimate banking contact and then trying to direct illegitimate treasury transfers. This could stem from cooperation from within (giving names and other information about transactions). With this in mind, many MNCs have been implementing company-wide training to alert employees of potential cybersecurity risks
It’s no secret that the bad guys are getting smarter. In many cases, experts say that instead of working on ways to stop an attack, companies should focus on the crisis protocol for the organization to ensure it is robust and aggressive in identifying and containing a breach. Know what your critical steps are in the event a cyber-attack reaches your company. Placing high priority on this growing issue, many peer group members have created cyber-risk committees.
Adrian Crawley, regional director for Northern EMEA at Radware, believes that as hacking becomes more automated, companies, notably retailers, must better anticipate the attacks. “This year things will change and the first line of defense for information security will no longer include people,” Mr. Crawley said. “As company defenses continue to succumb to endless floods of sophisticated, automated attacks and new attack techniques, CSOs will need to combine a virtual cyber army with skills. People are simply not equipped to make the decisions quickly enough to fight back on the front line.”