Cyber attacks against Organizations increased once again
71 percent of organizations were victims of successfully cyber attacks in 2014 according to the “2015 Cyberthreat Defense Report” report.
The CyberEdge Group published an interesting report, titled “2015 Cyberthreat Defense Report” that in line with similar studies confirms the increase in the number of successful cyber attacks against organizations.
The report analyzed data provided by 814 organizations, it surveyed IT security decision makers and practitioners in 19 industries across North America and Europe.
71 percent of respondents confirmed that their organization was compromised by a successful cyber attack last year, meanwhile the percentage related to the previous year was 62 percent. Most disconcerting is the data related to multiple cyber attacks suffered by the organizations, 22 percent declared that their organization experienced six or more successful cyber attacks.
According to the experts, one of the principal reasons for the rise in the number of cyber attacks is the level of sophistication of the attackers’ tactics. Phishing attacks, malware and zero-day attacks are the principal attack vectors exploited by bad actors in the wild. Today I published a blog post on the ICS-CERT Monitor report that confirms the data provided by the CyberEdge Group in his survey.
Below other interesting findings from the survey related to cyber attacks against organizations:
- “Along with social media applications, endpoint computing devices of all types – but especially mobile ones such as smartphones and tablets – are recognized as relative weak spots in most organizations’ defenses”
- “Although they are among the leading solutions planned for acquisition in the coming year, many of the “next-generation” technologies most likely to be effective against advanced malware and targeted attacks, such as security analytics, network behavior analysis, and cyberthreat intelligence services, show fairly modest adoption rates”
- “More than a third of today’s security teams lack the tools needed to inspect SSL-encrypted traffic for cyberthreats – or the exfiltration of sensitive data”
- “Only one-quarter of IT security professionals are confident that their organizations are doing enough to monitor privileged user accounts for signs of misuse and/or compromise”
- “Adoption rates for key technologies and practices instrumental in reducing a network’s attack surface – such as security configuration management and conducting full-network vulnerability scans more often than quarterly – remain fairly modest “
- “Less than 20% of IT security professionals are confident in the level of investment made by their organizations to educate employees about phishing attacks.”
- “A full two-thirds of organizations recognize that the anti-malware solution currently being used to defend their endpoints is not providing adequate protection.”
About the Author Elsio Pinto
Elsio Pinto is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog
http://high54security.blogspot.com/
and Pierluigi Paganini
(Security Affairs – cyber attacks, cyber security)