71 percent of organizations were victims of successfully cyber attacks in 2014 according to the “2015 Cyberthreat Defense Report” report.
The CyberEdge Group published an interesting report, titled “2015 Cyberthreat Defense Report” that in line with similar studies confirms the increase in the number of successful cyber attacks against organizations.
The report analyzed data provided by 814 organizations, it surveyed IT security decision makers and practitioners in 19 industries across North America and Europe.
71 percent of respondents confirmed that their organization was compromised by a successful cyber attack last year, meanwhile the percentage related to the previous year was 62 percent. Most disconcerting is the data related to multiple cyber attacks suffered by the organizations, 22 percent declared that their organization experienced six or more successful cyber attacks.
According to the experts, one of the principal reasons for the rise in the number of cyber attacks is the level of sophistication of the attackers’ tactics. Phishing attacks, malware and zero-day attacks are the principal attack vectors exploited by bad actors in the wild. Today I published a blog post on the ICS-CERT Monitor report that confirms the data provided by the CyberEdge Group in his survey.
Below other interesting findings from the survey related to cyber attacks against organizations:
“Along with social media applications, endpoint computing devices of all types – but especially mobile ones such as smartphones and tablets – are recognized as relative weak spots in most organizations’ defenses”
“Although they are among the leading solutions planned for acquisition in the coming year, many of the “next-generation” technologies most likely to be effective against advanced malware and targeted attacks, such as security analytics, network behavior analysis, and cyberthreat intelligence services, show fairly modest adoption rates”
“More than a third of today’s security teams lack the tools needed to inspect SSL-encrypted traffic for cyberthreats – or the exfiltration of sensitive data”
“Only one-quarter of IT security professionals are confident that their organizations are doing enough to monitor privileged user accounts for signs of misuse and/or compromise”
“Adoption rates for key technologies and practices instrumental in reducing a network’s attack surface – such as security configuration management and conducting full-network vulnerability scans more often than quarterly – remain fairly modest “
“Less than 20% of IT security professionals are confident in the level of investment made by their organizations to educate employees about phishing attacks.”
“A full two-thirds of organizations recognize that the anti-malware solution currently being used to defend their endpoints is not providing adequate protection.”
About the Author Elsio Pinto
Elsio Pinto is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.