The high-profile distributed denial of service (DDoS) attacks that brought down Australia’s online 2016 eCensus have dramatically changed the attitudes of Australian executives who, the newly appointed local head of one leading anti-DDoS provider says, are actively engaging with vendors to avoid suffering a similar fate.
Australian companies had long been ambivalent about DDoS service: the Cisco 2017 Annual Cybersecurity Report, for one, found relatively stable use of DDoS tools, which were used by 36 percent of respondents in 2014 and just 38 percent of respondents last year. Just 14 percent nominated DDoS defence tools as being effective, while they were named as the second most time-consuming and difficult security tools to manage.
The eCensus fail had changed those attitudes, however. Sales calls, which were often put off or never returned in the past, are now being put straight through, says Arbor Networks’ newly appointed ANZ country manager Tim Murphy. “The response used to be ‘DDoS? Come talk to me next year’,” he told CSO Australia at this month’s Cisco Live! conference in Melbourne, “but now they just say yes.”
“Compelling events drive security and always have done so,” he continued. “They’ve read about the Census attack on the airplane,” he continued. “And while most network and security managers were previously thinking about DDoS, it was line item number 2, 3, or 4. Now the Census compelling event is top of mind – and the enterprise door is open.”
Murphy – who previously worked for Arbor before leaving in 2007 for stints at Cisco Systems and RSA – returned to helm the DDoS specialist firm and is buoyant at the prospects presented by the reinvigorated market.
Among his key strategic priorities is the extension of the company’s partner network and improving training and education across key customers – who he believes are much more receptive to education around DDoS risks, which are increasingly being tied to business interruption and the costs that entails.
The fact that the eCensus was hit came as no surprise whatsoever to Murphy, who noted that some companies were reining in their online efforts out of fears that they are unprepared to deal with attacks that could compromise such programs by outside attackers.
“We’ve lost confidence in the ability for government to deliver a digital service,” he said, “and because of this attack many are too fearful that good things aren’t going to happen in their companies either. Every script kiddie out there, and everybody that knows how to run a DDoS attack – if we were ever to digitise the whole voting system, it would be under attack from the moment they turn it on.”
DDoS attacks have intensified and broadened in recent months, with DDoS remediation provider Nexusguard recently opening an Australian ‘scrubbing centre’ for blocking DDoS attacks and figures in its latest DDoS Threat Report noting the number of attacks increased by 152 percent in December alone.
Australian companies had not only become more receptive to the need for DDoS protection, said Arbor APAC vice president Jeff Buhl, but also – given that local service providers are “absolutely on par with those in the most advanced markets” – had the opportunity to set the pace for the entire region.
“Business leaders in other APAC countries regularly ask me ‘what’s happening Australia?’,” Buhl said. “They know that one of the top 10 most attacked markets in the world. It has definitely lit a fire under enterprises and service providers. It’s good to be in that position.”