Symantec’s Internet Security Threat Report has found that there were almost one million new malware threats every day in 2014.
The report also found that “it took 204 days, 22 days, and 53 days, for vendors to provide a patch for the top three most exploited zero-day vulnerabilities. By comparison, the average time for a patch to be issued in 2013 was only four days. The most frightening part, however, is that the top five zero-days of 2014 were actively used by attackers for a combined 295 days before patches were available.”
There are many interesting findings from this report; some highlights:
- The UK has received the unwanted accolade of being the top in Europe for suffering targeted attacks in 2014, and came second globally.
- 60% of all targeted attacks struck small and medium-sized organisations.
- Five out of six large companies (2,500+ employees) were targeted with spear-phishing attacks in 2014
- Ransomware attacks grew 113% in 2014, driven by a 4,000% increase in crypto-ransomware attacks.
Lazy but successful
Symantec Security Response director Kevin Haley said: “Cybercriminals are inherently lazy; they prefer automated tools and the help of unwitting consumers to do their dirty work,”
A recent report from Verizon mentioned that while cyber attacks are becoming more sophisticated, criminals are still relying on techniques that have been around for decades, such as phishing.
Why change something that works?
Verizon’s report found that 23% of people open phishing messages and 11% go as far as clicking attachments. Verizon claims that it takes just 82 seconds from the start of a phishing campaign for criminals to get their first bite.
Furthermore, many existing vulnerabilities in corporate computer networks remain open, primarily because security patches that have long been available were never implemented.
“We continue to see sizeable gaps in how organisations defend themselves,” said Mike Denning, vice president of global security for Verizon Enterprise Solutions.
No organisation wants gaps in their defences. To ensure that your organisation is gap-free, then you’re advised to conduct regular penetration tests to identify vulnerabilities. Click the image below to learn more.