September 2024 - Cybersecurity | Cloud Computing | Digital Infrastructure

Detecting and Defending Against Cyber Threats – Staying One Step Ahead with the Connectivity Cloud

Dominic Haussmann from Cloudflare reveals how the Connectivity Cloud is revolutionizing cyber defense, helping companies outpace evolving threats and safeguard critical infrastructures.

In the realm of IT security and infrastructure, threats are not just growing but evolving at a rapid pace. From large-scale cyberattacks to the vulnerabilities posed by critical infrastructures like hospitals and stadiums, businesses and institutions must constantly adapt to protect themselves from disruptions. Cloudflare’s connectivity cloud offers a comprehensive solution to help companies stay one step ahead of these dynamic cyber threats. At eco’s Internet Security Days (ISD) on 11 September, I shed light on the multifaceted challenges that companies face today, and the connectivity cloud capabilities they need to explore.

As digital technology continues to permeate every aspect of our lives, critical infrastructures are becoming prime targets for cyberattacks. At the ISD, I opened the discussion with a real-world example: a major football stadium on game day. Imagine a packed stadium on a hot day, where 50,000 people are eagerly awaiting a match, but due to a system failure, concessions like drinks cannot be served. A seemingly small technical issue can quickly escalate into a major logistical and security crisis. This scenario underlines the critical need to ensure the security and functionality of IT systems in high-stakes environments.

The growing vulnerability of critical infrastructures

Critical infrastructures, like hospitals and airports, are the backbone of any society. Unfortunately, security breaches here can have life-threatening consequences. The ability to maintain seamless operations, even in the face of cyber threats, is essential to public safety.

Hospitals, for instance, rely heavily on interconnected systems to manage patient data, run life-supporting equipment, and facilitate communication among medical staff. If these systems go down due to a cyberattack or technical failure, the results could be catastrophic. As such, companies need to continuously assess their systems for vulnerabilities and ensure they are prepared to face emerging threats. Ensuring the resilience and security of these mission-critical systems is paramount to protecting public health and safety.

Securing data in the cloud crucially depends on both the platform and its underlying security concept. Just like in soccer, the teamwork between technologies is critical. Cloudflare’s connectivity cloud ensures that components—ranging from the network to WAF (Web Application Firewall) and DDoS protection—work together seamlessly to safeguard customer data. In Germany alone, Cloudflare protects over 200,000 Internet properties.

In addition to securing core infrastructure, companies must also address another growing vulnerability—the security of individual endpoints. While many companies focus on protecting their networks from external threats, it is equally crucial to safeguard the endpoints—such as individual devices that connect to a network—because they can serve as entry points for attackers. In many cases, these devices are overlooked, leaving the door wide open for exploitation by malicious actors.

Understanding the impact of major events on digital infrastructure

Beyond the threats of cyberattacks, companies must also contend with the unpredictable effects that high-profile events can have on their digital infrastructure. Another important theme is the impact of real-time events, such as major sports games, on Internet traffic and infrastructure. During national team matches, Internet traffic can experience significant dips, sometimes by as much as 10 to 20%, as people divert their attention to the game. In other words, external factors can influence network performance in ways that are often unexpected.

The evolution of DDoS attacks

One of the most alarming developments in cybersecurity over the past few years has been the rise of Distributed Denial of Service (DDoS) attacks. These attacks, where cybercriminals overwhelm a network or service with massive amounts of traffic, can disrupt services and cause significant financial damage. Since the onset of the war in Ukraine, there has been a noticeable increase in DDoS attacks aimed at disrupting critical infrastructures, particularly in Europe.

Notably, many of these DDoS attacks are not financially motivated, as they often are in ransomware cases. Instead, the primary goal is to cause widespread disruption to services and supply chains, crippling entire industries for weeks or even months. These attacks have been particularly damaging in industries where continuous service is critical, such as healthcare, transportation, and energy.

One key takeaway is that many DDoS attacks require extensive planning and coordination. Contrary to the popular image of a lone hacker pressing a button to initiate an attack, these attacks often involve setting up complex networks and systems over time. The comparison can be made to a burglar who doesn't simply walk up to a house and break in, but carefully plans the attack in advance—acquiring tools, planning, and strategizing. Understanding this level of coordination and premeditation is crucial for companies seeking to develop robust defenses against these complex, large-scale attacks.

What’s important to note is that Artificial Intelligence (AI) helps anticipate attacks even before they have started. AI can help identify these preparations at an early stage by analyzing Internet traffic patterns and identifying suspicious behaviors. In general, AI makes it possible to detect where attacks are originating and helps to block many of them before they cause significant damage, showcasing its proactive role in cybersecurity.

Leveraging data for proactive security

A key aspect of maintaining strong security measures is visibility. Today, Internet service providers and security companies have access to vast amounts of data that can help them detect and prevent cyberattacks before they occur. This proactive approach allows companies to monitor Internet traffic, identify suspicious activity, and take action to mitigate threats in real-time.

Effective cloud security requires transparency and a clear understanding of what needs to be protected. By knowing how services interact, how applications communicate, and where data resides, companies can develop a solid security strategy. Cloudflare’s platform offers this transparency, ensuring that all components work together to provide end-to-end security. Millions of times a day, the Internet properties that users visit are protected by Cloudflare. In Q2 2024, Cloudflare blocked an average of 158 billion cyber threats per day internationally, 21 billion of them per day in Germany. Germany was among the countries with the highest percentage of traffic mitigated by Cloudflare between February 2022 and February 2023.

What is of particular relevance is using data to understand where attacks are originating, where Internet traffic is being redirected, and how these patterns can provide valuable insights into potential vulnerabilities. With the right tools and infrastructure in place, companies can identify anomalies in traffic that may signal an impending attack. This kind of early detection is crucial for stopping attacks before they can cause significant damage.
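The two passages above describe the same observation from different sides: traffic can legitimately dip by 10 to 20% while a national team plays, and a sudden departure from the normal pattern may also be the first visible sign of a volumetric attack. The following is an added illustration of that idea and is not Cloudflare's code or method: a small baseline-and-deviation detector over constructed per-minute request counts that flags both drops and surges and groups them into episodes, so that an analyst can tell a demand dip apart from a surge that warrants checking DDoS mitigation. The thresholds, window size and sample counts are assumptions chosen for the example.

```python
"""Baseline-and-deviation anomaly detection over per-minute request counts.

Added example, not part of the original article. The sample counts are
constructed; the window and sigma thresholds are assumptions.
"""
from collections import deque
from statistics import mean, pstdev

# Constructed sample: requests per minute to one Internet property.
# Minutes 0-29: quiet baseline (small weekly-style wobble).
# Minutes 30-34: ~20% dip, as when an audience turns to a match.
# Minutes 35-37: recovery to the baseline.
# Minutes 38-42: rapid surge, the shape a volumetric attack would show.
SAMPLE_COUNTS = (
    [1000 + (i % 7) * 10 for i in range(30)]
    + [820, 800, 790, 810, 830]
    + [1010, 1020, 1000]
    + [4800, 9200, 15000, 21000, 26000]
)


def detect_anomalies(counts, window=15, sigma=3.0, min_std=5.0):
    """Return a list of (minute_index, count, kind), kind in {"surge", "drop"}.

    The baseline is the mean and standard deviation of the last `window`
    minutes that were judged normal. Anomalous minutes do not update the
    baseline, so a sustained surge cannot "teach" the detector that the
    surge is the new normal. `min_std` keeps a perfectly flat baseline from
    producing a division by zero or flagging trivial jitter.
    """
    baseline = deque(maxlen=window)
    findings = []
    for i, c in enumerate(counts):
        if len(baseline) < window:
            baseline.append(c)          # still learning the baseline
            continue
        mu = mean(baseline)
        sd = max(pstdev(baseline), min_std)
        z = (c - mu) / sd
        if z > sigma:
            findings.append((i, c, "surge"))
        elif z < -sigma:
            findings.append((i, c, "drop"))
        else:
            baseline.append(c)          # only normal minutes move the baseline
    return findings


def group_episodes(findings):
    """Merge consecutive anomalous minutes of the same kind into episodes.

    Each episode records its kind, first and last minute, and the most
    extreme count seen (highest for a surge, lowest for a drop).
    """
    episodes = []
    for i, c, kind in findings:
        last = episodes[-1] if episodes else None
        if last and last["kind"] == kind and last["end"] == i - 1:
            last["end"] = i
            last["extreme"] = max(last["extreme"], c) if kind == "surge" else min(last["extreme"], c)
        else:
            episodes.append({"kind": kind, "start": i, "end": i, "extreme": c})
    return episodes


def describe(episode):
    """Human-readable triage hint for one episode."""
    span = f"minutes {episode['start']}-{episode['end']}"
    if episode["kind"] == "surge":
        return f"{span}: surge to {episode['extreme']} req/min; check DDoS mitigation and origin health"
    return f"{span}: drop to {episode['extreme']} req/min; likely a demand dip, confirm no outage"


if __name__ == "__main__":
    for ep in group_episodes(detect_anomalies(SAMPLE_COUNTS)):
        print(describe(ep))
```

Running the block reports one drop episode covering minutes 30 to 34 and one surge episode covering minutes 38 to 42; the three recovery minutes in between are absorbed back into the baseline. In practice the per-minute counts would come from the edge's request logs or metrics API, and the thresholds would be tuned per property against its own history.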

The importance of global connectivity

In today’s interconnected world, global connectivity plays a critical role in ensuring the resilience of IT systems. Cloudflare serves 60 million HTTP requests per second on average from 330 cities in over 120 countries around the world, which allows us to maintain a robust global infrastructure. This network of data centers provides essential services to customers around the world, ensuring that even if one data center experiences a failure, the system remains operational. Cloudflare is the only composable, Internet-native platform that delivers local capabilities with global scale.

One of the key advantages of Cloudflare's globally distributed network is that it helps mitigate the impact of hardware failures or regional outages. This extensive infrastructure also allows for better protection against cyberattacks, which often target specific regions or countries.

For example, if a data center in Frankfurt experiences an issue, traffic can be seamlessly rerouted through a different center, such as one in Amsterdam or Singapore, ensuring that users experience minimal disruption. Cloudflare's network is always focused on availability and diversity; in other words, we don't simply set up a few data centers in Europe and call it a day. Instead, we make sure to spread our infrastructure across the region, with multiple sites in key markets like Germany, Ireland, and the Netherlands. We take a similar approach in Asia, with centers in Singapore and Japan. This level of geographic redundancy is crucial for ensuring that our customers experience reliable, uninterrupted connectivity, even in the face of localized failures or attacks targeting specific areas.

This ability to absorb and withstand large-scale, geographically targeted attacks is a critical component of a robust, resilient digital infrastructure. Many DDoS attacks, for example, target specific regions or countries. By distributing traffic across multiple data centers, companies can absorb these attacks more effectively, reducing the impact on individual users and services.

Bridging the skills gap in IT security

A major challenge is the growing shortage of skilled workers in the IT security field. As cyber threats become more complex and frequent, there is a pressing need for professionals who can manage security systems, detect threats, and respond to incidents. However, finding qualified individuals to fill these roles is becoming increasingly difficult. As the cybersecurity landscape continues to evolve at a rapid pace, the demand for skilled professionals far outpaces the available talent pool.

At Cloudflare, we are addressing this challenge by simplifying the management of IT security systems. By consolidating various security functions—such as DDoS protection, VPN tunnels, and endpoint security—into a single platform, we can reduce the complexity of managing these systems. This allows a smaller team to handle more tasks, helping companies to bridge the skills gap without sacrificing security. Additionally, automation is playing a significant role in addressing the shortage of skilled workers.

The road ahead

Overall, my keynote at ISD painted a clear picture of the evolving threat landscape in IT security and infrastructure. As critical systems become increasingly reliant on digital technology, the need for robust, proactive security measures has never been greater. Whether it's protecting hospitals from ransomware, ensuring seamless connectivity during major events, or defending against large-scale DDoS attacks, companies must take a comprehensive, data-driven approach to safeguarding their operations.

By leveraging the power of Cloudflare’s global connectivity and security platform, organizations can gain the visibility, control, and resilience needed to stay one step ahead of ever-evolving cyber threats. From consolidating security functions into a single pane of glass to automating key defensive capabilities, Cloudflare’s solutions help bridge the skills gap and empower security teams to focus on strategic priorities. As the digital landscape continues to transform, Cloudflare remains committed to making the Internet a safer place for all—helping our customers navigate the road ahead with confidence and success.

Dominic Haussmann is an IT security expert with over 15 years of experience, particularly in IT security and network security. Before joining Cloudflare, he gained valuable experience at renowned companies such as CrowdStrike and Fortinet. At Cloudflare, his focus is on advising customers on Zero Trust, a modern security strategy based on strict access controls. He has a deep understanding of the current threat landscape and is committed to helping organizations strengthen their security infrastructure and effectively defend against cyberattacks.

Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s or interview partner’s own and do not necessarily reflect the view of the publisher, eco – Association of the Internet Industry.