The latest ISTR 2014 (Internet Security Threat Report) provides a useful insight to trends, threats, risks and draws comparisons on the year before. Please find some key extracts and facts below:
Highlights from the 2014 Internet Security Threat Report
91% increase in targeted attacks campaigns in 2013
62% increase in the number of breaches in 2013
Over 552 Million identities were exposed via breaches in 2013
23 zero-day vulnerabilities discovered
38% of mobile users have experienced mobile cybercrime in past 12 months
Spam volume dropped to 66% of all email traffic
1 in 392 emails contain a phishing attacks
Web-based attacks are up 23%
1 in 8 legitimate websites have a critical vulnerability
These are just a few of the many facts from the comprehensive reports, below are some of the suggestions the reports makes to defend against the risks, please email us at firstname.lastname@example.org for a copy of the full 2014 ISTR report.
Best Practice Guidelines for Businesses
1) Employ defence-in-depth strategies
Emphasize multiple, overlapping, and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection method. This should include the deployment of regularly updated firewalls as well as gateway antivirus, intrusion detection or protection systems (IPS), website vulnerability with malware protection, and web security gateway solutions throughout the network.
2) Monitor for network incursion attempts, vulnerabilities, and brand abuse
Ensure you have a system to be notified of/and receive alerts for new vulnerabilities, and threats across vendor platforms for proactive remediation.
Track brand abuse via domain alerting and fictitious website reporting.
3) Antivirus on endpoints is not enough on endpoints
It is important to have the latest versions of antivirus software installed. Deploy and use a comprehensive endpoint security product that includes additional layers of protection including: