There are three types of attacks: ones that attack the confidentiality of data, ones that attack the integrity of data and ones that attack the availability of systems
The Internet is under attack.
It has been for many years, ever since “hacker” and “malware” first crept into our vocabulary. But, the internet has grown exponentially since those days. It was never meant to handle the level of data it traffics today, a level that exceeded 1 zettabyte last year.
The internet was originally built just to share files between users. The fact that it has grown into the massive web of data and endpoints we enjoy now — one where smartphones, tablets and smart TVs will account for nearly 70 percent of Internet traffic by 2019 — is an enormous convenience to how we work, communicate and live.
[ An InfoWorld exclusive: Go inside a security operations center. | Discover how to secure your systems with InfoWorld’s Security Report newsletter. ]
But, that evolution has been enormously convenient to cyberattackers as well, whose methods for breaching, infecting and stealing data and bringing down networks has now turned the internet and its billions of users into a digital dartboard, constantly under assault.
The CIA of data
Data breaches, DDoS (distributed denial of service) attacks, brute force decryption attacks — these are just some of the more prominent examples of cyber and network security attacks we’ve seen grow in scale and frequency over the years. These cyberattacks come in three distinct types: ones that attack the confidentiality of data, ones that attack the integrity of data and ones that attack the availability of systems — CIA, for short.
Target, Sony, OPM, IRS and Snapchat are just a handful of recent C and I attacks that have made some of the biggest headlines, striking at the confidentiality or integrity of millions of personal records. But, the A-attacks like a DDoS attack that takes aim at service uptime are perhaps even bigger threats, bringing networks and cloud platforms offline for extended periods of time, disrupting business continuity, and even holding network availability and data for ransom, with an average price tag of $620,000 for enterprises. Even just the threat of a DDoS attack can wreak havoc.
You don’t even need to be an intended target of these attackers to feel their impact. When a DDoS attack travels down the same line that your traffic is going, it still disrupts or shuts down your service all the same. Your traffic is moving along the same line as the target, and becomes collateral damage.
The common thread through these CIA attacks is the public internet. As long as enterprises and end users are using the public internet for transmitting and storing data, they will always be putting themselves at risk.
Enterprises, SaaS providers and cloud services don’t have to operate over the public internet, but they choose to because it has always made sense economically. The alternative has always been costlier and more complex.
But, why then, do they still accept all of those risks that are becoming more serious every year? Because the public internet is “good enough.” It works most of the time already, and when you’ve been used to it for 25 years, why rock the boat?
Enterprises and SaaS providers only start to reevaluate their reliance on the public internet until they have a bad experience — a network breach, a disrupted conference call, something that negatively impacts a business-critical service. By then, it’s too late, assuming they even treat it like a wake-up call at all.
What’s especially troubling is that these same enterprises are now relying on the cloud for their mission-critical apps. That means moving some of their most critical processes to a place that can only be accessed through a pipe that is notoriously unreliable and unsafe.
That’s just bad business sense. But, because these problems only occur intermittently, they’re not thought of as serious concerns ahead of time. More than that, many enterprises simply don’t have the network savvy to properly diagnose why they were attacked in the first place, and how the public internet itself is ultimately culpable.
Looking outside the box
The public internet is the root problem, and any solution that ignores that will only be attacking the symptoms, not the cause. That’s why enterprises and their partners need to look outside of the box — in this case, the internet itself — to find their way out from the dangers of the public Internet that will only become more dangerous as time goes on.
Solutions that can provide private, reliable connections outside of the internet, such as interconnections and VPNs, provide a new way for organizations to network without having to worry about their data being suddenly impeded, stolen or shut down by an attacker. So long as enterprises aren’t thinking about how to move their operations and data traffic around the public pathways of the internet, they will find themselves under the constant threat of the next CIA attacks just around the corner.