Listen to any IT expert talking about a cyber-attack and the typical response will be: it’s not a matter of “if”, but “when”.
Symantec, a global internet security company, just released its 2016 Internet Security Threat Report, and the attack trends continue to back up the above statement. Here are some key areas noted in the Report:
- Discovery of zero-day vulnerabilities increased significantly. In 2015, the number of zero-day vulnerabilities discovered by threat trackers more than doubled to 54, a 125 percent increase from the year before. That averages one per week. For reference, a zero-day vulnerability is a software flaw that providers such as Norton and Symantec don’t have a patch for yet. As a result, even if you have good patch management procedures, your system is still vulnerable to attacks that exploit these flaws.
- Reported breaches rise. In 2015, there was a record-setting total of nine mega-breaches, and the reported number of exposed identities jumped to 429 million. But the real damaging story is that more companies chose not to reveal the full extent of their data breaches, leaving customer victims potentially in the dark about their personal information being stolen.
- Significant lack of patching on websites continues to expose users’ vulnerabilities. There were over 1 million web attacks in 2015. Cybercriminals continue to take advantage of vulnerabilities inside the coding of legitimate websites to infect users as many website administrators fail to secure their websites. It’s estimated that 75 percent of all legitimate websites have un-patched vulnerabilities.
- Employee targeting doubled in spear-phishing campaigns. In 2015, large businesses targeted for attack were again the most likely to be attacked at least three more times throughout the year. However, businesses of all sizes are potentially vulnerable to targeted attacks. Spear-phishing campaigns targeting employees in general also increased 55 percent in 2015.
- Ransomware attacks continue to rise. Ransomware increased by 35 percent. Cyber criminals are using encryption as a weapon, and an extremely profitable type of attack is ransomware. This approach will continue to entrap PC users and can expand automatically to any network-connected device, allowing multiple assets to be held hostage for a profit.
The reality is that no company today is safe from cyber-attacks. And while large companies like Target and Home Depot catch the headlines with their troubles, small businesses are now also primary targets. Attacks such as ransomware allow hackers to hit a vast number of targets rather than focusing on one target at a time, and small businesses tend to have less sophisticated security and network infrastructures to prevent attacks; together, these factors make them appealing targets. According to a recent Verizon Data Breach Report, over 75 percent of the latest attacks are on companies with fewer than 200 employees.
Concerned about your company’s security? Contact our consultants at PBMares to discuss how we can help ensure your business is prepared to face the growing challenge of cybersecurity threats.