There is no single piece of software or hardware, or any one-dimensional service, that is able to protect a business against cyberattacks. An effective cybersecurity strategy has to involve a multi-layered approach involving multiple web security tools.
For example, DDoS protection and mitigation tools help prevent attackers from taking down web sites or servers in a DDoS attack. The tools act as filters, letting good traffic through while diverting undesirable traffic into a “black hole” to prevent them from hitting the servers.
Another set of tools known as web application firewalls inspect and filter incoming and outgoing HTTP traffic, blocking attacks such as SQL injection and cross-site scripting where hackers exploit web application security flaws to introduce malicious code or content.
To prevent users from being diverted to bogus sites in phishing attacks, domain name system security extensions have to be applied to make sure that end users connect to the actual web site that corresponds to a particular domain name.
While businesses are becoming more aware of the consequences of a cyberattack and may have heard about the tools that they need to protect themselves, the reality is that most will not have all the resources they need to handle cybersecurity in-house.
Often, the Internet security strategies that they have adopted are no longer effective because Internet threats keep changing, attackers get more creative, and the magnitude of attacks is growing.
According to Akamai’s latest State of the Internet Security Report, there was a 44 per cent increase in SQL injection attacks in Q4 2106 compared to the same quarter the previous year, and a 140 per cent increase in DDoS attacks over 100 Gbps. To set this in context, a report2 in InfoWorld noted that a 1 Gbps DDoS attack “is enough to take most organisations offline completely”.
Against this onslaught of attacks, many businesses are “sitting ducks”. In a white paper on “Strategies for Cyber-Attack Protection”, Akamai noted that businesses often plan their investments months in advance while cyber threats change daily and require immediate action. It is also very difficult to hire, train and retain security expertise.