2016 Global Threat Intelligence Report provides new insights on bolstering your cybersecurity defences in the digital age
The threat landscape continues to increase in size, intensity, and complexity … putting organisations of all sizes and in all industries at risk of an attack. That’s one of the reasons why every year, together with our sister security companies within the NTT Group, Dimension Data publishes a Global Threat Intelligence Report. This year’s Report, which drew on the analysis of no fewer than 3.5 trillion logs and 6.2 billion attacks targeting 8,000 NTT security clients worldwide during 2015, is worth a read.
Some of the findings of this year’s Report include:
End-point security remains a key weakness: End-users are the weakest link … and the target of most attacks. Cyberattackers often target end-users through social engineering and spear phishing attacks. In fact, in 2015, spear phishing attacks accounted for 17% of all our incident response activities and our analysis revealed that attackers frequently use malvertising to lure victims. That’s why we believe that user education and training and disciplined patch management are critical to raising organisations’ defences.
Incident response – many are still on the back foot: Incidents do happen … and when they do, you need to be prepared to respond. Throughout the year there were many media headlines due to confidential information being stolen, denial of service attacks, and insider threats, but the data we collected in 2015 indicates that organisations are not making focused efforts to prepare for such attacks. In fact, 79% don’t have adequate plans. This points to a need for organisations to invest not only in detective and defensive controls, but also in the ability to take action when an attack is occurring.
Cybercriminals continue to up their game: Those involved in cybercrime are becoming more business-oriented, and their software and services are in great demand. They innovate faster than traditional businesses, and it’s become commonplace for less skilled attackers to hire the black-market software and services of these expert cybercriminals to target traditional, legitimate businesses.
The data we gathered and analysed in 2015 indicates that cybercriminals’ intentions and capabilities are increasingly mirroring the goals of a robust security programme: survivability and resilience. Some key findings from this year’s Report:
- Cybercriminals are increasingly leveraging malware to breach perimeter defences: In 2015 we detected an 18% increase in malware across all industries, with the exclusion of education.
- The frequency and complexity of malware is becoming more stealthy and sophisticated: While organisations are developing sandboxes to better understand cybercriminals’ tactics and protect themselves from attacks, malware developers are just as aggressively developing anti-sandbox techniques.
- Cybercriminals have identified the value in breaching organisational defences: Rather than engaging in distributed denial of service activities, hackers are recognising the intrinsic value in breaching organisational defences and conducting data and intellectual property exfiltration. This causes legitimate businesses to become competitively disadvantaged and oftentimes financially unviable over the long term.
All of these insights point to the importance of having access to robust threat intelligence to protect your organisation. At Dimension Data, we realise that the more threat intelligence we collect and correlate from a wide variety of sources, the better equipped we are to protect our clients’ organisations, and secure their infrastructure. We’re continuing to work closely with our research, development, and innovation team in NTT i3 to develop a global threat intelligence platform.
Our global threat intelligence platform allows us to correlate real-time activity using data from our clients’ event sources. We aggregate data from hundreds of globally dispersed honeypots, commercial vendors, open source feeds, search engines, security appliances, and NTT infrastructure, and complement this with our own in-house security research. This data is then examined using machine learning and advanced malware analysis to identify anomalous activity and uncover new threats.
We know that a persistent, highly determined attacker will always find a way in, particularly in today’s business climate, as organisations embrace digital transformation. As such, the focus is not only on keeping attackers out … but also on how we manage the threat once our defences have been breached.