By now, many of us have heard the statistics about our rapidly digitalizing world and how much connected devices will grow over the next few years. For instance, we at Frost & Sullivan estimate about 45 billion devices will be online by 2023, a more than three-fold growth since 2016. Most facets of modern life are digitized and connected, whether that be workplace emails and information systems, government services like transit and taxes, and many aspects of our personal lives as well.
Enterprises need to be able to increasingly provide better and more sophisticated web-based solutions for customers, employees and internal departments, and value chain partners. To facilitate access to the growing amount of data and analytics being used, many companies need to utilize cloud and even multi-cloud environments. Data needs to be increasingly available more quickly, more usable, and accessible from nearly anywhere, as more than half of all web traffic now occurs through mobile devices. And, of course, it needs to be secure. This pervasive and critical nature of data means that, aside from some rare legacy systems, cybersecurity safeguards are generally built into connected devices and systems, as well as the communication channels used to access them.
However, for every point or node where someone can legitimately access information—be it with a cell phone, connected shop floor device, email address, or website login—someone else has the potential to tap in and compromise that information and related systems.
Unfortunately, many of us live with a seemingly inherent trust that, for the most part, our work email, online bank access, or semi-autonomous vehicle will somehow evade the notice of threat actors. Regrettably, that is not how these threats work, and at some point, our business and personal information will be a target. A large proportion of successful cybersecurity attacks employ automated bots, which can accomplish dizzying volumes of activities to find and confirm institutional and individual information. Phishing is a major threat, for example, luring in victims through email, social media, and mobile devices, and can be employed on its own or as part of a more complex attack. Unintentional website and online system downtime can occur as a consequence.
In a phishing attack, a threat actor sends authentic-seeming emails to thousands of addresses, which can be easily procured both legally or on the darknet. These emails closely mimic a trusted party, such as a credit card company, telecom service provider, or one’s employer. The email may direct the recipient to a site that closely mimics the real one and fool the target into revealing login and password details.
Stemming from this one instance, many more sites and companies can be compromised through “credential stuffing,” which has been rising rapidly since 2018. This is different from “credential cracking,” also called guessing attacks, where bots randomly try millions of letter/number/symbol combinations per second on a particular site. In credential stuffing, automated bots instead take stolen logins and passwords, run them across hundreds of websites and record which ones work. Through this automated test-and-filter process, the threat actors now have vast amounts of login information for thousands of people across many hundreds of sites, and can either do damage themselves and/or sell that information on the darknet. If you’ve ever heard the advice to have a unique password for every place you log in, now you know why.
Companies can try to prevent phishing attacks in the first place, and that can greatly reduce the number of scammers that even get to their employee’s emails. For example, one major tech company that spoke to Frost & Sullivan said it was encountering between 2,300 and 4,000 phishing attacks per month. The company was using a leading email security solution that helped reduce this by 94%; however, that still meant that at least a couple hundred scammers were getting past security, and the company only needed one insidiously successful attack to result in dire consequences.
It’s incredibly costly and damaging to companies when information gets compromised and websites lag, lose links, or go offline. Frost & Sullivan estimates that the market to defend against distributed denial of service (DDoS) attacks doubled from $499 million in 2014 to over $1 billion in 2018, and is anticipated to grow to $1.8 billion in 2021. A typical breach can affect over 25,000 records and cost a company $150 per record in damages.
The company referenced above turned to a solution from IBM Edge Delivery Services powered by Akamai to mitigate the risk that remained, even with their sophisticated email security solution. This solution is more effective because it provides security at the point in which a person accesses data. It creates a security bubble such that each data interaction is protected at the very “edge” of the interaction. Security solutions will still exist at other points in the system, such as across a multi-cloud network and at data centers, but the IBM Edge Delivery Services help identify and filter out attacks before they get to the data provider’s systems.
Because the solution is engaged at the edge, it can protect any company with an internal or external web presence. Also, because it is tied to a specific server or cloud, it can change and evolve with the company as their needs for accessing information grow. As cyber threats continue to grow more sophisticated and difficult to combat, having an edge-based solution is critical to shield users and protect sensitive data while not slowing down apps or other data-related functions.
For more information about how to secure critical data, systems, and devices from the edge, visit edgedeliveryservices.com