Feeds

Forget hackers - storms and snafus are bigger threat, say infosec bods

More downtime caused by snow than black hats, EU study finds

5 things you didn’t know about cloud backup

Cyber attacks caused fewer problems to communications networks than unrelated system failures and natural disasters, a study by an EU security agency has found.

The European Union Agency for Network and Information Security (‪ENISA‬) reports that the average duration of cyber attacks was four hours ‪whilst o‬utages due to nature – mainly storms and heavy snowfall – lasted 36 hours.

The number of incidents caused, or partly caused, by cyber attacks came out at 8 per cent; more than the 5 per cent where human error played a role but dwarfed by problems caused at least in part by system failure (76 per cent).

The study, released on Tuesday, covers 79 outages across 18 EU nations that reported major incidents last year. About half of the incidents affected mobile telephony or mobile internet services. Outages affecting mobile telephony or mobile internet also affected most users (around 1.8 million users per incident) than comparable problem affected fixed line voice and data services.

Switches were the most frequent point of failure (e.g. routers and local exchange points) followed by mobile network home location registers.

Outages blamed on problems with third-party suppliers, mostly power supply failures, affected around 2.8 million users per incident, on average. Overload problems affected a greater number of users than simple power failures, affecting an average of 9.4 million user connections per incident.

In general, hardware failures were the most common cause of "systems failures", followed by software bugs. Incidents dealing with hacker attacks are covered in the report – but despite all the hype, malicious activity was a far less significant issue than system failures, power supply problems or bad weather in causing the most significant outages in Europe last year. Human error generally took much longer to unravel than problems caused by malicious attacks.

Cyber attacks were a more significant cause of problems when it came to fixed internet services but even in those cases, it played a role in just a fifth of outages.

Anonymized examples of the incidents reported to ENISA range from overloads causing VoIP outage to a faulty upgrade halting IP-based traffic and a DDoS attack on DNS servers that affected mobile internet access. Up to 2.5 million mobile device users were affected by the DDoS attack before the attacking addresses were identified and blocked, a process that took around two hours.

The study also covers the impact of the theft of a stretch of fibre optic cable, which obviously caused a break in a communications link, and a faulty software update that affected a mobile telephony service. The cable theft incident in question affected 70,000 fixed telephony users and 90,000 fixed Internet users for 10 hours.

Professor Udo Helmbrecht, executive director of ENISA, explained that the report will be used to draw up best practice guidelines.

"The EU collaboration behind this report is key to improving the security and resilience of electronic communications networks in the EU, as well as for security in other critical sectors. Reporting major incidents helps us understand what went wrong, why, and how to prevent similar incidents from happening again."

ENISA's report, which is a must read for anyone involved in either disaster recovery or telecommunications network management, can be downloaded from their website (PDF). ®

5 things you didn’t know about cloud backup

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?