As reported on Silicon Beat, security firm Symantec has released its report on the state of cyber-security in 2013. The news is not good, with major increases in the number, scope, loss, and cost of cyber crime last year. The good news was scarce, although Symantec reported a drop in the volume of SPAM as a percentage of all email traffic. Some of the important metrics, as reported on the Symantec web site:
- 91% increase in targeted attacks campaigns in 2013
- 62% increase in the number of breaches in 2013
- Over 552M identities were exposed via breaches in 2013
- 23 zero-day vulnerabilities discovered
- 38% of mobile users have experienced mobile cybercrime in past 12 months
- Spam volume dropped to 66% of all email traffic
- 1 in 392 emails contain a phishing attacks
- Web-based attacks are up 23%
- 1 in 8 legitimate websites have a critical vulnerability
Symantec also said that “targeted attacks … lasted an average of three times longer compared to 2012. Personal assistants and those working in public relations were the two most targeted professions — cybercriminals use them as a stepping stone toward higher-profile targets like celebrities or business executives.”
The basic message here is that things are currently getting worse rather than better. Is this the end? We have seen spikes in malicious activity in the past, such as the mass mailing worm onslaught that occurred back between 1999 and 2004, the Melissa to Sasser era. We overcame those threats. I have a certain level of confidence that the white hats will again overcome the black hats and restore order to the Internet and the online economy. The question is: How long will it take? And how much worse will it get?
One of the first and least expensive activities that a company could employ is to train their staff about cyber security and threats. This has been shown to have the quickest and best return on investment as well.
In the interim, those of us in the security community need to be using every resource at our disposal to protect ourselves and our clients from cyber exploits. And the business owners and mangers who employ us need to listening to our warnings and implementing our suggestions, and budgeting for the kinds of investments that world class cyber security requires. To do otherwise is a short-sighted and possibly career or company ending decision.Share
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com