The growth and evolution of cyber threats
By
Nick Wakeman
Symantec's latest Internet Security Threat Report shows threats are increasing but also evolving, and that means we need to change how we manage them.
The numbers are big in Symantec’s latest Internet Security Threat Report:
- New zero-day vulnerability reports grew 125 percent in 2015.
- 430 million new unique pieces of malware were discovered.
- 500 million personal records were stolen or lost.
- 100 million fake technical support scams were blocked.
And that is just in the executive summary to the 21st annual edition of the report.
But something else also jumped out at me from the introduction: “Perhaps what is most remarkable is that these numbers no longer surprise us,” the company wrote in its executive summary.
Sadly, cybercrime has become part of our daily lives.
But there are some signs of hope. The total number of breaches fell from 312 in 2014 to 305 in 2015. The 2015 was still significantly higher than the 253 in 2013.
The average number of identities exposed per breach is 1.3 million, up from 1.1 million 2013 but still lower than the 2.2 million exposed in 2013. So, maybe we are getting a little better there.
The number of bots are down, the email phishing rate is improved.
But the nature of the threat is evolving. New mobile device vulnerabilities soared to 528 in 2015, compared to 168 in 2014.
Symantec says that cyber criminals are increasingly targeting smartphones and mobile devices and investing in the technology to carry out sophisticated attacks.
Of course, government agencies and contractors are under constant fire from persistent attacks as well as spear-phishing campaigns. Symantec found that a government agency that was attacked by a spear-phishing campaign once would likely be attacked at least three more times. Spear-phishing is an email that appears to be from a person or business you know, but it isn’t. The email tries to get you to reveal some sort of personal information. Small businesses are a frequent target.
Cyberattacks from criminals is now as sophisticated as those conducted by nation-states.
Symantec is recommending that IT departments become more proactive and not wait for support tickets or for a favored security tool to identify an issue.
“Security needs to start digging through the data proactively during non-breach response time,” the company wrote in its conclusion.
Cybersecurity often is referred to in medical terms – the computer virus for example. Symantec embraces this analogy and recommends going further.
“By being aware of just how many risks you face, you can reduce them, and learn how to recognize symptoms, and diagnose “digital diseases” before they put your data, and your customers’ data at risk,” the company wrote in the report.
To download the report, click here.