The 21st edition of Symantec’s Internet Security Threat Report (ISTR) was released in April, detailing emerging trends such as the increase in malware, the rise of mega data breaches, and an uptick in ransomware.
The data presented in the ISTR comes from Symantec’s Global Intelligence Network, which monitors threat activity in over 157 countries and is made up of 63.8 million attack sensors that record thousands of events per second.
The ISTR highlights some eye-opening security breakdowns: In 2015 alone, ransomware increased 35 percent, more than 100 million fake technical support scams had to be blocked, and vulnerabilities were found in 75 percent of all websites. And because the Internet of Things and smart devices are expected to grow to more than 20 billion units by 2020, the “insecurity of things” remains a huge risk.
A strong security strategy must be a top priority for organizations and their employees alike. Here are three areas in particular that deserve special focus.
1. In 2015, new zero-day vulnerabilities were discovered each week, and organizations were exposed for about seven days before a patch was implemented.
Though there is no stopping zero-day attacks, organizations can safeguard their environment through regular software patching. As prevalence of these attacks grows (zero-day vulnerabilities doubled in 2015), organizations should strive to be more aware of the high-profile vulnerabilities and actively seek out updates.
2. Half a billion personal records were stolen or lost in 2015, and 36 percent of breaches involved medical records.
Today, ransomware attacks target organizations of all sizes. The first line of defense remains a strong perimeter, but better policy enforcement and security protocols within a network can stop ransomware from spreading within an environment.
3. From 2011 to 2015, spear-phishing campaigns targeting SMBs increased 138 percent.
Cyber criminals don’t care how small an organization is if they believe there’s valuable data to be stolen. In addition to endpoint protection and encryption, organizations should regularly coach employees to spot, report, and delete the suspicious emails that can expose the entire company with a single click.
The case for well-rounded security
What do these charts tell us? Threats are complex and target organizations of all sizes, so every IT department must develop a robust security environment. Because IT security threats are constantly changing and growing more refined, organizations must be vigilant about patching and updating their systems as well.
Cybersecurity threats and incidents are only expected to rise in 2016, so it’s important that your organization remains secure and uncompromised. Reach out to your SHI Account Executive for more information and to schedule a call with a Security Architect.