There is a massive gap between the security measures deployed by consumer-facing and non-consumer-facing organisations.
According to research by Neustar, non-consumer-facing organisations are lagging well behind their consumer-facing counterparts in areas such as continuous DDoS protection and fraud detection technology.
The report identified a surprising gulf in domain maturity between organisations running consumer-facing domains and their B2B-only counterparts.
A survey of 300 senior European IT managers found that they all recognise security as being of high importance, but many non-consumer-facing organisations rely on malware defence and intrusion detection systems (IDS).
Bob Tarzey, analyst and director at Quocirca, who conducted the research, said that consumer-facing organisations consider security to be part of a service level agreement from their outsourcer and would not expect to pay for it separately.
He told IT Security Guru that some organisations may consider network firewall and intrusion protection to be sufficient protection against DDoS, so the figures may not represent actual deployment of DDoS-specific protection. “There may be some that consider their on-premise defences to be suitable for fending off a DDoS attack in an emergency,” he said. “What is clear is that consumer-facing organisations are more likely to have taken measures against DDoS in either case to protect their precious online presence and reputation.”
Despite the technologies being deemed to be out of date, the report said that host-based malware defence “is a last line of defence when others have been breached”, such as where advance threat intelligence is not in place or has not blocked malware from arriving in the first place.
“IDS is an outdated technology that has largely been superseded,” the report said. “Many may still have legacy IDS systems as a line of defence, but the more mature consumer-facing organisations are more likely to also be protected by state-of-the-art technology.”
Tarzey said: “Quocirca would still recommend host-based malware defence is in place, but only as a last line of defence. Sure, the anti-virus market is still going, but most vendors are now focusing more on advanced capabilities than pure signature protection.
“As for IDS, most would now at least have moved to prevent with IPS rather than just detect. So again, the key finding is the consumer-facing organisations are more likely to have moved on to more advanced security capabilities to protect precious online presence.”
The report also found that there is a 16 per cent difference between customer-facing organisations and non-customer-facing organisations when it comes to the use of fraud detection technology, with 82 per cent of consumer-facing businesses deploying this compared with just 66 per cent of non-customer-facing businesses.