For those organisations that think that limiting their online presence can help protect them from cyber security attacks, the truth may be a difficult pill to swallow. A new study conducted by the security experts at Kaspersky Lab and B2B International has shown that a public website, or indeed any online public interface, isn’t a prerequisite for becoming a cyber victim. According to the research, internal networks can present vulnerabilities just as great as those presented by public websites.
Distributed Denial of Service (DDoS) attacks are some of the most common faced by organisations. One sixth of all companies, globally, were victimized by this type of attack in 2015, and enterprises fared even worse, with nearly a fourth suffering DDoS attacks. While many did have public interfaces, of some type, online, many did not.
Internal web services also provided hackers with the opportunity to disrupt operational systems, file servers, and network connectivity. This proved especially true for the manufacturing sector. Other industries affected on a large scale included telecoms, information technologies, government agencies, and transportation organisations.
While DDoS attacks are relatively simple for hackers to accomplish, that doesn’t mean that they shouldn’t be taken seriously, due in large part to their effects on the ability to do business. Downtime can result in unhappy, distrustful customers, vendors, and partners. Depending on the level of disruption, the consequences can be even more serious.
All too many companies believe their networks to be safe if they don’t interface directly with the public online, but this is clearly not the case. With companies not taking the cyber security of their internal systems seriously, they will only become more appealing targets for those looking to steal information or to simply cause disruption.
Companies that have any sort of online connectivity, regardless of whether or not they have public websites or log in portals accessible to the public, should be taking steps to keep their cyber security practices current. Cyber security today is as (if not more) important than maintaining a business’s physical security, and the sooner all sectors and industries realise this, the better.
There’s no taking cyber security too seriously, either. A single well-coordinated DDoS attack, however simplistic, can be devastating for an organisation of any size. While it may be impossible to prevent all types of attacks at all times, those companies that take steps to remain current in their practices will find themselves to be a much less tempting target for hackers.