AT&T, one of the biggest Internet Service Providers on the planet, revealed today that its network is constantly under attack, seeing over 30 billion malicious scans, 400 million spam messages, and over 200,000 malware attacks every day.
According to Jason Porter, AT&T Security Solutions Vice President, most of these scans are reconnaissance operations, with crooks looking for weak entry points. The organization says it managed to block only 5 billion of these scans in 2015.
The numbers are staggering, but most of these attacks come from scripts, meaning little human oversight, and a high degree of automation.
AT&T logged over 245,000 DDoS attacks
AT&T revealed that it detected over 245,000 DDoS attacks targeting its network, which often led to data breaches or other incidents.
The company said that 60 percent of the businesses they surveyed faced an IT security breach, and 42 percent said the breach had serious and negative impacts on its infrastructure.
Large companies reported a total of 23 hours of downtime during 2015, and medium-sized enterprises around 14 hours. All of these led to millions in lost revenue.
Despite all these numbers, only 34 percent of surveyed companies said they had an incident response plan (IRP).
AT&T provides a blueprint for incident response plans
IRPs grow in importance the bigger the company gets, mainly because it sets up procedures that can be followed as soon as a cyber-attack is detected and avoid prolonged downtime or data theft.
A good IRP is like a unicorn for most CSOs, and in most cases, the best plans are devised with the help of a security auditor.
Incident response plans define a course of action not only for data breaches or DDoS attacks but also for more mundane accidents like the loss of a data drive or all types of malware infections, including ransomware.
In order to educate companies about proper cyber-incident response procedures, the company has published.