The website of the UK’s Serious Organised Crime Agency (Soca) has been taken offline following a cyber-attack. Andrew Kellett, senior security analyst at Ovum looks at why large organisations will need to beef up security as hackers become more sophisticated and ambitious.
Operating in a state of security compromise is a reality that most organizations are not comfortable admitting to, but is an accurate reflection of how most IT infrastructure functions today. Targeted attacks supported by high levels of resource have the potential to disrupt any operation. So it comes as no surprise to find that the UK’s Serious Organised Crime Agency (Soca) website has fallen victim to a distributed denial of service attack (DDoS) and as a result had to be taken offline.
What is surprising is that defence and intelligence levels have not been improved sufficiently since the last successful DDoS attack on Soca in June 2011. Also comments suggesting that “DDoS attacks are a temporary inconvenience” do not always fit the reality. Hacktivist attacks targeting particular operations have been known to be both persistent and longstanding, requiring extensive DDoS defences. Under the circumstances the actions of the agency appear to have been prompt and correct. They look to have spotted the attack quickly and by taking their site down reduced the impact on others who share the same service provider resources.
Ovum research shows that spending on web security over the next three years will grow at a compound annual growth rate of 8%, which is higher than the projections for most other mainstream security areas. This is consistent across most mature markets – Western Europe and North American and, at 14%, is predicted to be even higher in the emerging markets of Asia-Pacific, Eastern Europe, Latin America, and the Middle East and Africa. Web security is seen as a major area of vulnerability. The high levels of additional spending are necessary to improve quality and safety of services, and to help to ensure that the type of attack suffered by Soca can be dealt with without having to take the site down.
By Andrew Kellett
Senior security analyst
www.Ovum.com