Cybersecurity attacks against IT service providers get more advanced

Posted by Mike Vizard on Feb 2, 2016 10:23:58 AM

DDoS_attacks.jpgLike any pirate, most cybercriminals prefer easy targets. So, while the number of attacks continues to increase, the majority of them are looking to exploit vulnerabilities that are easily defended. A new report from Arbor Networks suggests that the number of sophisticated cybersecurity attacks being launched is on the rise, though.

Based on a survey of 354 service providers and network operators, the 11th annual Worldwide Infrastructure Security Report (WISR) finds that 56 percent of respondents reported multi-vector attacks targeting infrastructure, applications, and services simultaneously, up from 42 percent last year. A full 93 percent reported application-layer distributed-denial-of-service (DDoS) attacks, and the most common focus of those attacks is now DNS servers instead of the HTTP protocol itself.

MSP's Complete Guide to Cyber Security

In terms of size, the largest attack respondents reported was 500 Gbps, with others reporting attacks of 450 Gbps, 425 Gbps, and 337 Gbps. The report notes that the size of these attacks has grown 60 fold in the past 11 years.

Targeting IT service providers

Historically, DDoS attacks have been launched by vandals and activists trying to make a statement. But as these attacks become more sophisticated, Arbor Networks surmises that cybercriminals are now using DDoS to extort money from their victims. IT service providers are being targeted because every minute a service is unavailable costs them money and cybercriminals hope to use them as a gateway to extort money from their customers as well.

Of course, defending against these attacks requires more IT investment, both in additional security technologies and in hiring the people with the expertise to manage them. While there is hope that machine learning algorithms and other forms of artificial intelligence will help contain those costs by automating IT security defenses some day soon, in the short term IT service providers should expect a larger percentage of their overall budget to be consumed by IT security.

Strength in numbers

The challenge, of course, is going to be figuring out what that right level of IT security should be. Given the level of risk IT service providers have, the level of IT security investment they need to make is much higher than the average enterprise IT organization. In fact, that level of investment is often part of a service provider's core value proposition.

Cybersecurity quiz for MSPs

As a general rule, IT service providers can deliver IT services more securely because the cost of delivering those services is aggregated across hundreds of customers. In contrast, the average enterprise IT organization is challenged with the level of IT security investment required, and they generally can’t compete for IT security experts, who command premium salaries today.

IT service providers simply can’t afford to short shrift IT security investments. The only way they can mitigate those costs is to spread them across a broader number of customers that wind up being much more secure as a result. Much like the days of old when merchants formed convoys to ward off pirates, the good news is that there continues to be strength in IT security numbers.

MSP cyber security

Photo Credit: Pascal via Flickr.com. Used under CC0 1.0 License

Topics: Cyber Security

Which Data Loss Gremlin Is Targeting You
The MSP's Complete Guide to Cyber Security
Fixed Price Data Protection
Intronis demo lunch
MSP Marketing Assessment