Click me
Transcript

Internet Security Threats

Internet Security Threats Symantec has established the most comprehensive source of Internet security threat data in the world through the Symantec Global Intelligence Network, which is made up of more than 41.5 million attack sensors and records thousands of events per second. 60,000 8.4 BILLION 1.7 BILLION RECORDED VULNERABILITIES EMAIL MESSAGES PROCESSED PER MONTH WEB REQUESTS FILTERED PER DAY These resources give Symantec analysts unparalleled sources of data with which to identify, analyse, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam. The following data is an analysis of these findings... Business-Related Threats #1 Targeted Attacks / Spear-Phishing: This involves an email fraud attempt that targets a specific person or job role within an organisation, seeking unauthorised access to confidential data. Spear phishing attempts are usually conducted by perpetrators out for financial gain, trade secrets or military information. Although the number of attacks fell in 2013, the duration of the campaigns increased! 2012 2013 Vs. Emails Per day 116 -28% 83 In 2013... -79% -76% +91% 3х Recipients Per campaign Average Time Per campaign Campaigns Attacks Per campaign 779 23 29 8 Days The industry you work in can have a great impact on your risk of being targeted by a Spear-Phishing Campaign... Mining Public Admin (Gov.) Manufacturing 1 in 2.7 1 in 3.1 1 in 3.2 Top Industries Attacked by Spear-Phishing Public Admin (Gov.) 16% Services (Professional) 15% Services (Non-Traditional) 14% 13% 13% 6% 2% 1% 1% Manufacturing Finance, Insurance Transport, Energy Wholesale Retail Mining Construction & Real Estate & Communications Although only 0.9% of attacks were aimed at the Mining sector, 1/3 of Mining organisations were targeted at least once! Risk Rating: High Risk Medium Risk Low Risk ... And your Job Role can also affect your likelihood of being targeted by Spear-Phishing Campaigns... P.A. Media Senior Management CEO Sales C-Level Recruitment R&D The size of your organisation can also increase the risk Risk of Being Targeted 1 in 2.3 39% 50% 31% 19% 31% 1 in 5.2 30% 2012 2013 Large Enterprises 2,501+ Employees Medium Businesses Small Businesses 251-2,501 Employees 1-250 Employees Spear-Phishing Attacks by Size of Organisation 2011 2012 2013 2,501+ Employees 39% 50% 50% 1,501-2,500 1.001-1,500 61% 501-1,000 50% 31% 50% 251-500 30% 18% 1-250 Larger enterprises were more likely to be targeted through watering-hole attacks than through Spear-Phishing. 41% 41% of all attacks were targeted at businesses with 1-500 0/ employees in 2013, compared to 36% in 2012 The proportion of attacks targeted at small businesses is increasing.. However, larger companies are still at greater risk of receiving a Spear-Phishing email 2,500+ 1,501-2,500 1,001-1,500 1 in 2.3 HIGH RISK 1 in 2.9 HIGH RISK 1 in 2.9 HIGH RISK 501-1,000 251-500 1-250 1 in 3.8 1 in 4.3 1 in 5.2 MED. RISK MED. RISK MED. RISK #2 Web-Based Attacks Attackers exploit a vulnerability in a legitimate website in order to gain control and plant their malicious payload within the site. Vulnerability scans of public websites, performed by Symantec in 2013, found that 77% of sites contained vulnerabilities. 2012 vs. 2013 Scanned Websites with Vulnerabilities... 53% | +24% 77% 2012 2013 % of which were critical 24% -8% 16% 2012 2013 1 in 8 sites had critical unpatched vulnerabilities Websites Found with Malware 1 in 532 1 in 566 2012 2013 New Vulnerabilities, or 'Zero-day' Vulnerabilities 2012 5,291 +28% 2013 6,787 The most commonly exploited vulnerabilities are related to SSL and TLS protocol renegotiation. Zero-day vulnerabilities are frequently used in watering-hole web-based targeted attacks. Attackers can switch to a new exploit for an unpublished zero-day vulnerability once the attack is discovered and the vulnerability published. ZERO DAY Zero-day Vulnerabilities - The Facts: Annual Totals: 14 +64% 23 2012 2013 25 20 15 '06 '07 '08 '09 '10 '11 '12 '13 19 97% DAYS DAYS 97% of attacks identified as Average time between publication and patch for Zero-day attacks Total time of Zero-day were Java-based exposure for the Top Zero-day attacks (publication to patch) The Top 5 Zero-day Attacks of 2013 Java SE CVE-2013-1493 54% Java Runtime Environment SE CVE-2013-2423 27. Java Runtime Environment SE CVE-2013-0422 16 Internet Explorer SE CVE-2013-1347 13 Internet Explorer sE CVE-2013-3893 16 14 10 90 No. of Days after Vulnerability Protection #3 Data Breaches An increasingly popular trend, data breaches can come in many forms, from hacking through to accidentally leaking data to the public. Theft and loss of computer drives also count as data breaches, as well as insider theft and fraud. The Top Causes of Data Breaches (2013) Hacking Accidentally Made Public Theft / Loss of Computer 34% 29% 27% Insider Theft Unknown Fraud 6% 2% 2% 4.7 million The average number of identities exposed per data breach for hacking incidents Data Breaches grew significantly through 2013 40 160 35 140 30 120 100 20 80 60 40 JF M A MJJ ASO N D 2012 2013 Vs. Average Number of Identities Exposed 604,826 2,181,891 2012 2013 OVER 2.5 TIMES AS MANY! The Median Number of Identities Exposed 6,777 8,350 2012 2013 The Number of Incidents Resulting in over 10 Million IDs Being Exposed 8. 2012 2013 Risk to Corporations Reputational Damage Loss of Customer Trust Loss to Competition Extensive Media Coverage Class Action Lawsuits Further Costs Bankruptcy Information Technology Solution Specialists EICC CTO Servors Parts Supply Support Consultancy www.icc4it.co.uk LOW MEDIUM HIGH RISK Number of Incidents No. of Attacks Detected (1000s) Annual Total of Zero-day Vulnerabilities Identities Exposed (Millions)

Internet Security Threats

shared by RFox91 on Sep 22
198 views
0 shares
0 comments
Everyone has been either been targeted or fallen victim to a computer virus or malware (if you haven't you're extremely lucky). So we've collected some data and compared the internet security problems...

Publisher

ICC

Category

Computers
Did you work on this visual? Claim credit!

Get a Quote

Embed Code

For hosted site:

Click the code to copy

For wordpress.com:

Click the code to copy
Customize size