2018-2019全球应用和网络安全报告（英文版）.pdf

20182019 / Global Application C-suite executives are accountable as well. To provide insights into the complex challenges faced by organiza- tions as they fight to protect their brands, Radware produces an annual Global Application only seven percent claimed not to have experienced an attack Cyberattacks were a weekly occurrence for one-third of organizations The primary impact of cyberattacks was service disruption, reported by almost half of respondents. Attacks resulting in a complete or partial service disruption grew by 15% and hurt productivity Cyber-ransom continued to be the leading motivation of hackers and was the reason for 51% of the attacks Executive Summary In 2018, the stakes for cyberattacks were higher than ever. Attention-grabbing data security incidents continued to make news, including the largest distributed denial-of-service (DDoS) attack ever recorded at 1.7Tbps. 1In the European Union (EU), the General Data Protection Regulation (GDPR) went into effect on May 25, 2018, imposing strict new rules on how personally identifiable information (PII) is collected, processed and controlled. In addition, cryptominers infiltrated networks looking for a quick score. 1 security.radware/ddos-threats-attacks/threat-advisories-attack-reports/memcache-ddos-as-a-service/ 20182019 / Global Application & Network Security Report 4Emerging Attack Vectors Attackers employ efficient techniques to cause denial of service, such as bursts, amplification, encryption or internet of things (IoT) botnets, and target the application layer to cause more harm. Application-layer attacks caused the most damage. Two-thirds of respondents experienced application attacks. One-third foresee application vulnerabilities being a big concern in 2019, especially in cloud environments. More than half made changes and updated applications monthly, while the rest made updates more frequently, driving the need for automated security. Cyberassaults resulting in a complete outage or service disruption grew by 15%, and one in six organizations reported having suffered a 1Tbps attack. Hackers found new tactics to bring down networks and data centers: HTTPS Floods grew 20%, DNS and Burst attacks both grew 15% and bot attacks grew 10%. A third of companies reported suffering attacks for which they could not identify the motive. Preparing for Whats Next Businesses indicate that they understand the seriousness of the changing threat landscape and are taking steps to protect their digital assets, but the severity of security threats weighs heavy. Nearly half felt ill-prepared to defend against all types of cyberattacks, despite having security solutions in place. Eighty-six percent of businesses explored machine-learning and artificial intelligence (AI) solutions in the past 12 months. Almost half said that quicker response times to cyberattacks were the motivation. Radware saw a 44% growth in those conducting business over blockchains. Companies continued to diversify network operations across multiple cloud providers. Two in five organizations use hybrid cybersecurity solutions that combine on-premise and cloud-based protection. Forty-nine percent of organizations in EMEA said that they were not well prepared for GDPR. The Only Option Is Success The cost of cyberattacks is simply too great to not succeed in mitigating every threat, every time. Customer trust is obliterated in moments, and the impact is significant on brand reputation and costs to win back business. The GDPR and other government regulations have the capacity to bankrupt businesses that do not comply. It is critical for organizations to incorporate cybersecurity into their long-term growth plans. Securing digital assets can no longer be delegated solely to the IT department. Rather, security planning needs to be infused into new product and service offerings, security, development plans and new business initiatives. The CEO and executive team need to lead the way in setting the tone and investing in securing their customers experience. C-Suite Perspective CEOs Are the New Trust Officers Cybersecurity is becoming a very personal topic for executives trusted to lead companies at the highest level. To build and maintain solid relationships with customers, CEOs must take on an additional role as “chief trust officer.” When the years of curating a brand strategy can be obliterated with one cyberattack, assigning security strategy to the chief information security officer (CISO) is no longer enough. There is too much at stake. Consider the fates of CEOs at companies with high-profile breaches such as Equifax, Yahoo, Moller-Maersk and Anthem Healthcare. All of the work that the organizations put into building their brands value evaporated the moment customers lost trust as a result of the attacks. Before long, the CEOs of most of these companies were “pursuing other interests.” To ensure cybersecurity is an integral part of the companies business models, CEOs need to verify efforts and fund protective measures. CEOs who delegate security strategy without oversight do so at their own peril. 20182019 / Global Application & Network Security Report 5 EXECUTIVE SUMMARYGlobal Industry Survey The quantitative data source is a cross-industry survey conducted by Radware. This years survey included 790 individual respondents representing a wide variety of organizations around the world. The study was built on prior years research, collecting vendor-neutral information about issues that organizations faced in preparation and combat of cyberattacks. In this years survey, 28% of respondents had revenue of $1 billion or more, while 31% had revenue of less than $250 million. Responding organizations had an average of about 4,300 employees and represented at least 15 industries. The largest number of respondents worked at service providers/carriers (26%), banking and financial services (17%), high tech products and services (10%), government and civil service (8%), and professional services and consulting (7%). The survey provided global coverage with 33% of respondents from Asia-Pacific, 31% from North America (U.S. and Canada), and 18% from both EMEA and Central/Latin America (including Mexico). Forty-two percent of respondents organizations conducted business worldwide. Methodology & Sources The 20182019 Global Application & Network Security Report combines statistical research and frontline experience to identify cybersecurity trends that are important to organi- zations as they determine long-term growth strategies. 20182019 / Global Application & Network Security Report 6Radware Threat Research Center Security experts from the Radware Threat Research Center provide insights on the current and evolving threat landscape. Emergency Response Team (ERT) The team is composed of dedicated security consultants providing 24x7 security services. In the event of cyberattacks, ERT members serve as the first line of defense. They have successfully dealt with some of the industrys most notable cyber episodes and other attacks. This report shares their insights from frontline experiences, providing deeper forensic analysis than surveys or academic research alone. Malware Analysts Radwares team of malware analysts includes skilled threat researchers and reverse engineers who monitor hundreds of new malware samples every week and issue security advisories based on their findings. Radwares malware analysts examine the samples in research labs to evaluate the malwares evasion, propaga- tion and infection techniques. This team powers Radwares Cloud Malware Pro- tection Service and has collaborated with leading technology organizations to stop malware distribution. Global Deception Network Radwares Global Deception Network is a global network of honeypots and detection agents that trap network and application attack campaigns as they emerge. Every hour, the agents communicate with thou- sands of IPs performing suspicious or malicious activity, such as DDoS and web application attacks, scanners, IoT botnets and more. Radwares advanced algorithms learn threat patterns and intentions, qualify them and feed them in real time to Radwares security solutions for preemptive protection. This report features the top threats caught in Radwares Global Deception Network during 2018. 20182019 / Global Application & Network Security Report 7 METHODOLOGY & SOURCESDissecting the 2018 Threat Landscape Cyberattacks continued to make headlines in 2018 as organizations faced constant evolving threats. Radwares global industry survey revealed what businesses were up against as they fought to secure their networks and protect the customer experience. Digital transformation is a double-edged sword. As corporations seek ways to increase productivity and efficiency, advances in network technologies can add agility to business operations. At the same time, cyberattackers are keeping watch, discovering new vulnerabilities to threaten network assets. The Radware global industry survey uncovered the frequency, types and consequences of cyberattacks in 2018, along with hacker motivations. Ninety-three percent of respondents experienced a cyberattack in the past 12 months. Only seven percent claimed not to have experienced an attack. It is not a matter of if but when an organization will be attacked. The detection and mitigation of cyberattacks needs to be built into every step of the business life cycle. Why Are Businesses Attacked? A puzzling piece of data emerged from this years survey. While the motivations for attacks remained fairly consistent year over year, the responses for “motive unknown” almost tripled in 2018 (see Figure 1). Radware believes it is becoming harder for organizations to distinguish malicious traffic from legitimate traffic as a result of growing incidences and evasive disguise tactics. In some cases, such as cyberwarfare, threat actors are purposeful about hiding their motives. 20182019 / Global Application & Network Security Report 8