2016 Internet Security Threat Report
The 2016 Internet Security Threat Report (ISTR) provides an overview and analysis of the year in global threat activity.
In 2015, the number of zero-day vulnerabilities discovered more than doubled to 54, a 125 percent increase from the year before. Or put another way, a new zero-day vulnerability was found every week (on average) in 2015. Given the value of these vulnerabilities, it’s not surprising that a market has evolved to meet demand.
In 2015, we saw a record-setting total of nine mega-breaches, and the reported number of exposed identities jumped to 429 million. But this number hides a bigger story. In 2015, more companies chose not to reveal the full extent of their data breaches. A conservative estimate of unreported breaches pushes the number of records lost to more than half a billion.
There were over one million web attacks against people each day in 2015. Cybercriminals continue to take advantage of vulnerabilities in legitimate websites to infect users, because website administrators fail to secure their websites. Nearly 75 percent of all legitimate websites have unpatched vulnerabilities, putting us all at risk.
In 2015, large businesses targeted for attack once was most likely to be targeted again at least three more times throughout the year. All businesses of all sizes are potentially vulnerable to targeted attacks. In fact, spear-phishing campaigns targeting employees increased 55 percent in 2015. No business is without risk.
An extremely profitable type of attack, ransomware will continue to ensnare PC users and expand to any network-connected device that can be held hostage for a profit. In 2015, ransomware found new targets in smart phones, Mac, and Linux systems. Symantec even demonstrated proof-of-concept attacks against smart watches and televisions in 2015.
Fake technical support scams have evolved from cold-calling unsuspecting victims to the attacker fooling victims into calling them directly. Attackers trick people with pop-up error alerts, thus steering the victim to an 800 number where a “tech support rep” attempts to sell the victim worthless services. In 2015, Symantec blocked 100 million of these attacks.
Cyber attacks are increasing in number and sophistication. Today’s threats differ from those encountered a month ago. What can you do to improve your security posture?