The recent Infosecurity Europe exhibition was a great opportunity to talk to fellow security experts and businesses, and it's unsurprising that both bring your own device (BYOD) and distributed denial-of-service (DDoS) attacks remain high on most business agendas.
A high percentage of the visitors to our stand wanted to talk specifically about BYOD and DDoS solutions – it seems that many have reached a tipping point where the threats can no longer be ignored.
In fact, in the survey of 120 attendees we ran at the event, we found that BYOD tops the challenges that IT leaders are facing when trying to secure their networks and devices. We found that 87 per cent said that it is more difficult than ever to secure businesses from the threat of cyber attacks, with almost one in four citing BYOD as the largest contributing factor to increased vulnerability in their organisations.
This may be surprising to many. The talk surrounding BYOD certainly seems to have been going on for years. However, businesses of all sizes are continuing to discover that they must navigate the murky waters of managing new devices on their networks and putting in place the right levels of authentication to enable entire workforces, without putting too many restrictions on access.
It's certainly true that the introduction of smartphones, laptops and tablets to the workplace has been a huge element in enabling mobile working – but it has also come with its fair share of threats to business.
The focus for anyone looking to implement a BYOD solution should be to first understand the user-base and their needs, the types of device they are using, where are they accessing information from, what type of data they are accessing remotely, and so on. Once you understand the workforce, it is possible to map a solution to ensure the right levels of authentication to protect the network and ensure the best possible end-user experience.
Alongside BYOD concerns, an alarming number of our survey's respondents admitted to a worrying lack of knowledge about the latest DDoS threats. Only 10 per cent of the security professionals we surveyed could describe accurately how DNS reflection attacks work (despite the coverage of this type of attack following the now infamous Spamhaus attack) and just 11 per cent would be completely confident that the day-to-day operations of their business would not be disrupted, should they be hit by such an attack.
These are strikingly low numbers given the amount of attention that Spamhaus and DDoS have received over recent months. However, the message about the risks does seem to be getting through; 22 per cent of respondents highlighted reputational damage as their main concern about potential DDoS attacks, 20 per cent worried about the impact on customers and 16 per cent on data loss, while more than one in 10 respondents picked out revenue loss as one of their top three DDoS fears. So what can businesses do to protect themselves?
It's crucial that we get on the front foot when it comes to tackling cyber crime and consumer devices in the workplace to try to limit the damage. The results speak for themselves. Businesses need to take note and prioritise security or run the risk of allowing cyber criminals to access data through a BYOD backdoor or hacktivists to knock them offline with DDoS attacks.
Success is in the detail, though – it's not a case of buying DDoS or BYOD solutions just to tick a box, it's about establishing what your organisation needs and how you can better support your employees. If you keep that focus in mind, you won't go far wrong.
Joakim Sundberg, worldwide security solution architect at F5 Networks