Businesses are particularly concerned about distributed denial-of-service (DDoS) attacks because they believe they will have the most impact on their operations.
This was one of the key conclusions of AT&T's "2023 Cybersecurity Insights Report," which was based on a poll of 1,418 people. AT&T Business's head of cybersecurity evangelism, Theresa Lanowitz, describes the perceived risk and surge in concern about DDoS assaults as "surprising."
She adds, "With edge, the attack surface is changing, and taking down a large number of Internet of Things (IoT) devices can have a significant impact on the business, The near real-time data created and consumed by most edge use cases make DDoS attacks attractive. By its definition, a DDoS attack will degrade a network and response time. Those who have not invested in DDoS protection are indicating the timing is right to do so."
According to the report, ransomware dropped to eighth place out of eight in terms of perceived likelihood of attack type. Nonetheless, Lanowitz observes that over the last 24 months, organizations of all sizes have invested in ransomware prevention.
"However, ransomware criminals and their attacks are relentless," she warns.
According to another research, cyber adversaries may cycle with the rise and decline of different sorts of attacks. Operating systems embedded in edge IoT devices make it more expensive for a financially motivated adversary to target the device with ransomware, explains Lanowitz.
She further noted, "It is far more time intensive to write and deploy destructive code for an IoT device running a derivative of a version of Linux than to target a Windows-based laptop."
One of the most pleasantly surprising results in the report, she says, is how organizations are investing in security for an edge: security funds have grown to 22% of overall project costs, allocated evenly with strategy.
"We asked survey participants how they were allocating their budgets for primary edge use cases. The results show that security is clearly an integral part of the edge, and that security is being planned for proactively, " she explained.
She cited survey results indicating that apps, as well as much-needed security for ephemeral edge applications, are included in the overall plan for edge project funding. The expected outcome of what the edge delivers is shifting how organizations budget, plan, and think about focusing on a digital-first business, Lanowitz continues.
Another surprising finding from the survey is that globally, the likelihood of a compromise and impact to the business decreased by 28% and 26%, respectively.
She added, "Perhaps this is a case of irrational exuberance, but our qualitative analysis proves that with the edge there is far more communication and collaboration. Communication, cross-functional work, the line of business leading edge investments, and the use of trusted advisors all play a role in more optimism regarding catastrophic security events."
"Edge computing, with its changing attack surface, means the adversaries are seeing things differently," Lanowitz says. "Likewise, businesses must take that same view of an expanded attack surface, potential new threats, or potential increases in existing threats."
The report comes as DDoS attacks continue to make headlines, with the German government reporting that the Killnet DDoS knocked German websites offline temporarily, and the Serbian government reporting that it prevented five attempts aimed at destroying Serbian infrastructure.
KillNet, a pro-Russian hacktivist group that runs campaigns against countries that support Ukraine, has recently increased its daily DDoS attacks targeting healthcare organizations. In November 2022, over 50 of the most popular platforms available for hire to execute distributed DDoS assaults against important Internet infrastructure were shut down and their operators were arrested as part of Operation Power Off, a large multinational law enforcement sweep.