Annual Security Reports Predict What We Can Expect in 2015

Recent security reports give insight into security best practices often missed.


The GTIR described how “good enough” security by organizations is not sufficient to keep up with the quick and nimble responsiveness of well-funded attackers.  This report also commented on the well-known fact of the erosion of the traditional enterprise security perimeter and a need for enterprises to deploy a diverse and layered security strategy that involves the end-user and their BYOD systems.  The GTIR discussed how application-layer attacks are the norm, but DDoS attacks and botnet activity account for many of the security incidents.  This report also confirmed the other reports in citing that the greatest number of attack sources and botnet C&C systems like ZeroAccess Supernodes are found within the United States.  The GTIR also has several realistic case studies for the various attack types highlighted.

FireEye Advanced Threat Report & Mandiant M-Trends Report

FireEye is a manufacturer of perimeter-based adaptive threat defense systems that focus on preventing malware from being received over web, e-mail or through file transfers.  FireEye’s system leverages their virtual-machine detection Multi-Vector Virtual Execution (MVX) technology that uses a sandbox and signature-detection methods to detect and prevent malware infections.  FireEye has published their Advanced Threat Report for several years and their most recent 2013 edition is available for download.

Now that FireEye has acquired Mandiant and the knowledge team led by Richard Bejtlich (longtime security researcher and author of many fantastic security books), their combined research has produced improved security guidance.  The security reports are created by the FireEye/Mandiant Intel team.  Mandiant has historically published their M-Trends report and their M-Trends 2013: Attack the Security Gap report.

The FireEye report corroborated other reports that showed that APTs and malware most frequently targeted the U.S. and that Java exploits were popular.  The M-Trends report confirmed that the number of days that networks were compromised was well over 200 and that attackers leveraged malware propagation, drive-by downloads, and business partner networks to infiltrate organizations.  The M-Trends report also covered how adept attackers are getting at external and internal reconnaissance of their victims.  We should soon expect new and improved combined versions of these reports to be published with data from 2014.

Check Point 2014 Internet Security Report

Check Point has published annual security reports for several years now.  Their latest report is their 2014 Security Report which covers security trends observed in 2013 by their security researchers and by their ThreatCloud system.  This report, like the others listed here, recognized the transition of malware attacks to political and ideological hacktivism, state-sponsored industrial espionage, the increased appearance of ransomware, advanced APTs, and DNS packet amplification DDoS attacks.  Check Point, therefore, recommends that more organizations utilize improved AV software, better URL filtering, anti-bot mitigation, and malware detection/prevention systems that perform emulation and sandboxing and have capabilities to disarm the malware at various points along the “Kill Chain”.  The security report also discussed the risks related to the use of web anonymizers, file sharing and storage services, social media applications, and Remote Administration Tools (RATs).  The report also talked about the data loss experienced by high-profile companies and discussed, like other reports listed here, that there are many more incidents of data loss that go unreported.

Trustwave Global Security Report (GSR)

Trustwave is a global security services company.  Through their work helping organizations secure their environments, they observe attacks and their security researchers are discovering the latest security threats.  Trustwave publishes a comprehensive Global Security Report based on their observations from the previous year.  This year’s report was as easy to read as a comic book, yet it contained valuable statistics that provide insights into the security challenges enterprises face.  The report confirmed other reports’ observations of the increase in retail attacks and Point-of-Sale (POS) breaches, the number of days between intrusion and detection, the amount of spam traffic, the origins of hosted malware, and victim geography.  This report provided a vast amount of infographic-like statistics based on Trustwave’s global perspective of current security incidents.

Securosis

Securosis is a leading independent and objective security research firm that provides practical advice on how to make your organization more impervious to modern cyber threats.  Securosis provides much of their research library on their web site and there is a wide range of useful reports listed there.  While these reports are not necessarily annual security reports, in the spirit of sharing security information, they provide useful information to organizations wanting to improve their security posture.  Some of my favorite reports they have written are their “The Future of Security, The Trends and Technologies Transforming Security” published on February 20, 2014 and their Continuous Security Monitoring (CSM) report from 2013.  One of their most recently published reports is their “2015 Endpoint and Mobile Security Buyer’s Guide”.

Ponemon Institute

The Ponemon Institute is also an independent research firm and consultancy that focuses on IT security topics in order to help organizations learn about emerging threats and the best practices for securing their infrastructure.  The Ponemon Institute provides their research library or published papers on their web site.  Again, while not necessarily annual security reports on the changing global threat landscape, these are very useful reports nonetheless.

The Ponemon Institute also worked with HP Enterprise Security to create the “2013 Fourth Annual Cost of Cyber Crime Study”.  These reports are published for different geographies and you can download the report for your location.  The Ponemon Institute has published other useful papers such as the “2013 Cost of Data Center Outages”, published December 18, 2013 and their “2013 Cost of Data Breach: Global Analysis”, published mid-2013.

Conclusions

In the IT industry, there are many people who consume content that is created by others but don't share information.  We can be certain that this knowledge sharing is taking place among the attackers.  Therefore, it is imperative that we as defenders share our experiences with each other.  From the statistics revealed in these security reports, there are many organizations who need their security teams to learn about current Internet threats.  We can be certain that the more we share, the stronger we can make our collective defenses.

Based on all this information from these reports and historical trends, we can expect the security threat landscape to continue to change in 2015.  Companies need to start to seriously invest in their security programs beyond just “checkbox security” to achieve the minimum compliance level of protection.  Organizations can no longer run IT shops as lean as possible trying to continually cut operational costs.  Enterprises can only “do more with less” up to a point where it starts to hurt the business.  Security is a time-intensive exercise and there are few shortcuts.  Those organizations who do less than the minimum level of effort to stay secure will encounter breaches resulting in loss of their intellectual property, customer data, and subsequently loss of their reputations in the industry.

For 2015, more organizations should share information about their security and absorb information that others are writing about the current state of security threats and attacks.  Organizations can use this free security research information to make sure that their security systems are being adaptive to the latest threats.

Scott


Copyright © 2015 IDG Communications, Inc.
