Symantec Internet Security Threat Report: 5 Internet Security Trends On The Rise In 2016
New Year, New Threats
Every year, Symantec pulls the data from its extensive cyberintelligence network and compiles the results into its annual Internet Security Threat Report. The report this year found that 430 million new pieces of malware hit the market in 2015, revealing new trends on the rise around zero-day threats, ransomware, targeted attacks and more.
While the list of threats goes on and on, with record amounts of security threats in multiple categories, Kevin Haley, director of product management for Symantec Security Response, highlighted the five trends in Internet security that partners will want to pay attention to this year. Take a look at what Symantec found.
Growth In Zero-Days
2015 was a record year when it came to zero-day attacks, the report found, with a 125 percent increase over the year before, to 54. Unfortunately, that's a trend that will only continue to escalate, Haley said.
"It will only continue to rise," Haley said. "We won't get back to where we were before. … It just isn't going to happen."
Haley attributed the drastic, sudden increase in zero-day threats -- in which hackers exploit vulnerabilities before they can be fixed -- to the sheer number of attackers, nation states and profiteers looking to find new zero-day vulnerabilities to either exploit or sell on the black market. For partners, this is a big deal, he said, because attack toolkits for sale on the black market make it easier for cybercriminals to attack partner clients and compromise their environments. To fight this, Haley recommended partners help their clients adopt strong security products, as well as get to up speed with patching as quickly as possible.
Lack Of Breach Reporting
According to the Symantec report, 429 million records were exposed in breaches in 2015. However, Haley said, that number is likely to be vastly underestimating the amount of records actually exposed, as the number of companies not reporting the full extent of a breach is on the rise. He estimated the real number is well over 500 million.
"It's a shame, because transparency is really important," Haley said. "It's really important to understand the extent of the problem, to figure out what you can do about it and how we are doing [as an industry]."
Haley said companies often refrain from reporting the full extent of breaches because they want to mitigate the impact on their reputation. He said regulatory and legislative action will likely have to extend to more industries to fix this problem.
Incomplete Website Security
Website security issues are a trend that has continued for a number of years, Haley said, and 2015 was no exception. According to the study, 78 percent of websites had unpatched vulnerabilities on them. While often the fault of the Web administrator, Haley said, the victims of this sort of vulnerability are users themselves. That lack of direct accountability for failure to patch websites makes this a difficult problem to solve, he said.
Rise Of Ransomware
Ransomware has been on the rise in recent weeks in the news, with multiple high-profile attacks on hospitals. The numbers back up that rise, the Symantec report found, with a 35 percent increase in crypto ransomware attacks in 2015. Haley recommended that partners get ahead of this trend for clients by putting strong security solutions in place on desktop and email systems, as well as making sure backup and recovery systems are in place. Haley also recommended training employees to be more aware of the problem and on how to recognize potentially malicious content.
Shifting Attack Targets
Finally, the Symantec report found that small businesses saw an unfortunate growth in the number of attacks targeted at them, rising to 43 percent of all targeted attacks. Twenty-two percent of targeted attacks were toward medium-size businesses. While the overall risk to a small business of getting attacked compared with that of an enterprise is lower -- 1 in 40 versus 1 in 2.7 -- Haley said the data shows that small businesses aren't immune to attacks simply because of their size. Those odds get worse if a business has already been attacked, he said.
"The message I would have to small businesses is that you shouldn't forget about security," Haley said. "You really have to make it part of what you do."