The annual DDoS Threat Landscape report from Imperva makes for grim reading if you are a security professional. The report found that DDoS attacks have increased by a huge 211% year over year, fuelled by DDoS-for-hire services. Network layer attacks also were found to hit new highs, with the largest assault found to peak at 470 Gbps.
Not only are DDoS attacks increasing, the hackers are getting more creative and trying out new attack methods. The black hat darlings are also attacking half of all targeted businesses more than once.
Laying out the cold hard facts of the DDoS landscape, there was also a special mention for the UK in the report. This was, however, not a special mention in the usual, positive sense – the increase in attacks against UK businesses made it the second-most targeted country in the world. The report noted that the majority of attacks in the UK targeted SMBs, but that there were also several high-profile assaults, such as the takedowns of the BBC and HSBC UK.
But what makes the UK so attractive to hackers? What factors in our infrastructure, society or security policies have led to our silver medal in the DDoS cyber games?
CBR reached out to the experts to get their take on why the UK is such an easy target for DDoS attacks.
The UK’s Digital Economy
Igal Zeifman, senior manager at Imperva, said:
“The UK has one of the world's largest and fastest growing digital economies. This year, the digital economy in the UK is expected to account for 12.4 percent of GDP, compared to the G20 average of 5.3 percent. As we speak, the Internet is now the UK’s second-biggest economic contributor, outweighed only by the property sector. Motivated by greed and the possibility of fame, DDoS offenders prefer to go after successful online businesses, and from their point of view, the UK represents a target rich environment.
London, Language & Technology
Mark James, security specialist at ESET, said:
“With the UK being one the leading digital economies in the world it’s no surprise we are an established target. London is still considered one of the world’s strongest economical cities with many companies wanting to have a good established base here, so many companies trade from the UK with good solid connections to the rest of the world. Our success makes us a valuable target, tag that alongside the English language and the fact that technology is often led from the UK we are sadly a desirable target.”
Srinivasan CR, Senior Vice President, Cloud and Security Services, Tata Communications, said:
“Imperva’s findings that the UK is now the second most attacked country behind the US could be explained by a variety of reasons. One big reason why cyber criminals do DDoS attacks is publicity. Some stage high-profile attacks to sell DDoS defender software, whereas others use DDoS to take a stand on a political issue. Given the concentration of global media based in the UK and the US, it unsurprising to see these nations near the top of the ‘attacked nations’ list.
Businesses Are Not Cyber Ready
Mark Hughes, CEO of BT Security, said:
“Last year the number of broader security breaches affecting UK business reached a new high, affecting 93% of large organisations and 87% of SMEs. More worryingly, the average cost of these breaches has never been higher, with several individual breaches costing organisations more than £1m.
“The problem is magnified in the UK where businesses are – according to the research – far less prepared for a potential cyber-attack than their counterparts in the US.
“Research commissioned by BT, which assesses attitudes to cyber security and levels of preparedness among IT decision makers, revealed that less than half (45 per cent) of UK business leaders saw cyber security as a major or absolute priority, compared to 84 per cent in the US. This highlighted the fact that UK businesses are simply lagging behind their US counterparts in crucial areas of cyber readiness.”