IBM has released its X-Force Cyber Security Threat Intelligence Report (Q1 2015) and it discloses some very interesting facts about the cyber threat landscape over the last year.
- Based on pure volume, the total number of records breached in 2014 was nearly 25 percent higher than in 2013
- The tone of breaches has shifted, revealing disturbing flaws in the fundamentals of both systems and security practices
- With stricter disclosure laws than many countries and higher hosting rates for high-profile websites, the United States continued to be a top target in 2014 – The US represented over 70% of breaches, compared to the next highest country, the UK, at 3.4%
- The 2014 vulnerability forecast shifted drastically when an automated tool identified a class of vulnerabilities affecting thousands of Android apps with improper SSL certificate validation
- 59% of CISOs strongly agree that the sophistication of attackers is outstripping the sophistication of their organization’s defenses
- Use of default passwords continues to be a problem as well. These breaches demonstrate that fundamental security practices, such as changing default account passwords, are still not being implemented adequately.
- DDoS attacks have been used as a distraction in recent years as a cover for breaching a target. DDoS attacks were also used as a form of “ransomware” or extortion throughout the year.
A review of the breaches in 2014 shows a mix of attackers targeting low-hanging fruit (for example, by running scripts against known vulnerabilities) as well as using sophisticated, custom exploits to reach high-profile targets with surgical precision.
Contact ACE IT Solutions at email@example.com to receive a complimentary copy of the IBM X-Force Cyber Security Threat Intelligence Report (Q1 2015)
ACE IT Solutions’ Security Services, offered in partnership with IBM, provide a simple and cost-effective way to limit potential threats 24×7. Through our partnership with IBM, ACE IT Solutions leverages one of the world’s largest collections of security information to combine advanced analytic capabilities into cloud-based security services that can be mixed and matched according to each business’ specific needs.