In any given week, multiple vendors issue reports and surveys on the status of the security industry and the threats that enterprises and consumers are facing. This past week was particularly busy for reports, with studies from IBM, Trustwave, Imperva, Vectra Networks, Tripwire, Beazley and Wandera, among others.
Each report has its own focus, as each vendor has a particular domain of expertise, and in some cases, security studies have a self-serving purpose in order to validate that a given vendor’s technology solves a challenge outlined in a study. Security studies, like any other research, also vary in methodology as well as the quality and number of responses received.
Looking at the multiple reports issued this past week provides an interesting, insightful look at a set of trends about where security stands today.
Insiders, Partners Posing Risks
IBM’s 2016 Cyber Security Intelligence Index highlights the challenge of insiders as a growing risk over the past year. According to IBM, 60 percent of attacks in 2015 involved insiders, up from 55 percent in 2014. IBM also found that the Shellshock vulnerability represented 38 percent of attacks that targeted financial institutions in 2015.
While IBM highlights the security risks of insiders, Tripwire released a study on the impact of business partner security. Among the high-level findings in the study is that 34 percent of the surveyed organizations use partners and suppliers that fail to meet their security standards. That fact is somewhat surprising, given that 95 percent of respondents to Tripwire’s study reported that they believe a partner or security breach could expose valuable data.
The Beazley Breach Insights 2016 report also examined the risks partners pose. According to Beazley, 18 percent of breaches it worked on in 2015 involved third-party vendors, up from only 6 percent in 2014. Among the big highlights of the Beazley Breach Insights, though, is the projection that ransomware will grow by 250 percent in 2016 over 2015.
DDoS Attacks, C&C Activity and More
Among the various types of attacks that commonly occur on the modern Internet are those of the distributed denial-of-service (DDoS) variety. That is the subject of the Imperva Q1 2016 Global DDoS Threat Landscape report. One of the key findings in the report is that DDoS attacks aren’t typically one-off exercises; rather, almost half (49.9 percent) of DDoS-targeted Websites were attacked more than once.
Observing a different aspect of the security risk landscape, the 2016 Trustwave Global Security Report sheds some light on the specific vulnerabilities attackers used in 2015. According to Trustwave, Adobe Flash was a top target, with 38 percent of all zero-days in 2015 based in Flash. Looking at platforms, 71 percent of Web attacks observed by Trustwave targeted open-source WordPress, while 85 percent of compromised e-commerce systems used the open-source Magento system. Not surprisingly, 60 percent of breaches targeted payment card data.
While attackers use different methods to get into networks, Vectra Networks’ 2016 post-intrusion report provides some insights into what attackers are doing once they gain access. Command-and-control (C&C) activity from a botnet host was found in 67 percent of attacks.
The Vectra report noted that C&C activity is not a surprise after a breach, as that’s how botnet attacks are enabled. With a botnet in place, one of the leading monetization techniques used is click fraud, found in 58.1 percent of attacks Vectra analyzed. While click fraud is common, data exfiltration was found as part of post-intrusion activity in only 3.1 percent of the cases Vectra analyzed.
Among the hottest areas of security today is mobile, which the Wandera Mobile Data Report Q1 2016 examines. Wandera reported a 17 percent rise in the first quarter of this year from last year’s fourth quarter in the number of analyzed apps and mobile Websites that are leaking sensitive data.
So what do all the reports published just last week reveal about the security landscape? In summary, partners and insiders are a risk, mobile apps are leaking data, DDoS attacks are often repeated and Flash is a top path to exploitation.
No big surprises and in many cases, the studies affirm what many IT professionals and security experts likely already suspected, but it’s still always good to get numerical and empirical confirmation.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.