Study reveals rise in zero-day attacks
Security vendor Check Point Software Technologies Ltd. has unveiled its Security Report. It reveals the most significant security threats that affected companies worldwide last year.
The Security Report provides insight into the extent of infiltration and sophistication of new threats to businesses. Mobility, virtualization and other technologies have changed the way business is done. While organizations have adopted these tools to increase productivity, they often forget the security implications of lacking the right security implementations.
The Security Report highlights the proliferation and growth of threats on enterprise networks based on information obtained during 2014. This report is based on the study and analysis of over 300,000 hours of monitored network traffic from more than 16,000 threat prevention gateways and over 1,000 smartphones.
The main findings security reports are:
Exponential increase in known and unknown malware
2014 saw an increase in malware at an alarming rate. The latest report shows that an organization was threatened by 106 unknown malware types every hour: 48 times more than the 2.2 downloads per hour reported in 2013. Unknown malware will continue to threaten businesses. However, zero-day malware, in which unknown malware builds on known malware, poses a far greater threat than unknown malware. Zero-day malware is built almost from scratch, so to speak, to exploit software vulnerabilities that vendors do not yet know about. Cyber criminals also continue to use bots to extend and accelerate the spread of malware: in 2014, 83 percent of organizations studied were infected with bots, enabling constant communication and data exchange between these bots and their command-and-control servers.
More harm than good through BYOD
Mobile devices are the weak links in the security chain because they provide easier, direct access to more valuable corporate assets than any other point of intrusion. According to the study, for organizations with more than 2,000 mobile devices on their internal network, there is a 50 percent chance that at least six of them are infected or threatened. Seventy-two percent of IT vendors surveyed agreed that their biggest challenge related to mobile security is protecting enterprise mobile data. The second biggest challenge, according to 67 percent, is managing private devices that store both corporate and personal data. Corporate data is at risk and it is extremely important to understand these risks in order to take the right measures to secure mobile devices.
Use of dangerous applications has a high price
To streamline their business operations, companies often turn to applications, but these can become dangerous gateways for hackers. Some applications, such as file sharing, are obviously risky. The rise of "shadow IT," applications that are not sponsored or supported by the central IT organization, makes business operations even riskier. The study reveals that 96 percent of companies surveyed used at least one high-risk application in 2014. This represents a 10 percentage point increase from the previous year. The study also shows that 12.7 incidents involving high-risk applications occur every hour. These provide cyber criminals with many opportunities to access the corporate network - a high-risk business.
Data loss as the main concern
Cyber criminals are not the only threat to the integrity and security of corporate data. Just as quickly as a hacker can penetrate a network, activities within the network can lead to data loss. Check Point found that 81 percent of companies analyzed have experienced a data loss incident - a 41 percent increase since 2013. Corporate data can be leaked unknowingly for a variety of reasons, but most often it is related to activities of current and former employees. While most security strategies are focused on protecting data from intrusive hackers, it is equally important to protect data from leaking out.
Press release of the IT security provider