Apps are the strategy upon which business has staked its digital survival, and F5 Labs research shows they will remain under siege in 2018. This year, let’s resolve to be vigilant in their protection, no matter whether they lie over hill in the data center or over dale in the public cloud.
The New Year is here and, as is the custom, many of us have made resolutions for 2018. Most are usually centered on improvement of some kind. From staying fit to losing weight to spending less and saving more, we resolve to improve ourselves every year.
I think perhaps it’s time to also have a New Year’s IT Resolutions. On the top of that list I hope you’ve jotted down the resolution to pay more attention to application protection.
I say that because apps are under siege. Whether it comes from bots lobbing DDoS attacks or malware attempting to mine the security walls erected around apps, the truth is that someone is trying an attack every 39 seconds. That means by the time you read that statistic, a system was attacked.
Maybe one of yours.
When they do attack, they increasingly seek out the most likely vector to succeed: apps and identities. We know that’s the case because our threat research arm, F5 Labs, performed extensive analysis on 443 breaches spanning the last decade. Their research revealed that in 86% of those cases, the attackers went after apps and/or used stolen credentials.
More alarming, perhaps, is both the increase in cases over the past few years as well as the bountiful spoils looted from victims.
In the past decade, attackers have managed to pilfer twelve BILLION records. Yes, you read that right. That’s BILLION. Which is interestingly close to bullion as data records are the digital equivalent of the valuable treasure sought by pirates of old.
And like those pirates of old, today’s attackers use a variety of mechanisms to sneak inside. The sheer volume of stolen credentials has led to an epidemic of credential stuffing attacks. The well-known remediation gap between disclosure of a platform or framework-level vulnerability and patching leads to mass exploitation and success.
Attacks are growing more sophisticated –and automated. We are unlikely to see fewer breaches in 2018. The trend is that we’ll see more. Like sharks circling a disabled ship, attackers are constantly waiting in the wings for an opportunity.
Our expansion into the relatively new, unchartered waters that is multi-cloud only makes security more important. Public cloud brings with it the same risks to apps and data as on-premises, and we must endeavor to focus on protecting them with the same vim and vigor as we do on-premises. That means application services like web application firewalls, identity federation, and app access control. It means employing multi-factor authentication (MFA) when possible, and enforcing security gates no matter where applications are being deployed.
This New Year, let’s resolve to focus on protecting apps. Whether it’s auditing and ramping up existing security programs or initiating new ones, let’s all be more vigilant and engaged with respect to application security in 2018.
You can get a full copy of F5 Labs’ report, “Lessons Learned from a Decade of Breaches”, right here.
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...