When reviewing a report like the one mentioned below (links to full text report at bottom of post), it’s likely many thoughts will cross your mind, including:
1. The importance of vigilant Internet security for the enterprise and a basic understanding about what you can do to keep yourself as safe as possible. A “basic understanding” can change quickly, so keeping current is also key.
2. A large and expanding need for the library/librarian community to be providers of unbiased and accurate security and privacy information, resources, and education.
From the Exec. Summary of the Report:
While 2013 was seen as the Year of the Mega Breach, 2014 had high-profile vulnerabilities grabbing the headlines. Data breaches are still a significant issue, since the number of breaches increased 23 percent and attackers were responsible for the majority of these breaches. However, attention shifted during the year from what was being exfiltrated to the way attackers could gain access.
In 2014, attackers continued to breach networks with highly targeted spear-phishing attacks, which increased eight percent overall. They notably used less effort than the previous year, deploying 14 percent less email towards 20 percent fewer targets. Attackers also perfected watering hole attacks, making each attack more selective by infecting legitimate websites, monitoring site visitors and targeting only the companies they wanted to attack.
Non-targeted attacks still make up the majority of malware, which increased by 26 percent in 2014. In fact, there were more than 317 million new pieces of malware created last year, meaning nearly one million new threats were released into the wild each day. Some of this malware may not be a direct risk to organizations and is instead designed to extort end-users.
Ransomware attacks grew 113 percent in 2014, driven by more than a 4,000 percent increase in crypto-ransomware attacks.
Email remains a significant attack vector for cybercriminals, but there is a clear movement toward social media platforms. In 2014, Symantec observed that 70 percent of social media scams were manually shared. These scams spread rapidly and are lucrative for cybercriminals because people are more likely to click something posted by a friend.
Mobile was also ripe for attack, as many people only associate cyber threats with their PCs and neglect even basic security precautions on their smartphones. In 2014, Symantec found that 17 percent of all Android apps (nearly one million total) were actually malware in disguise. Additionally, grayware apps, which aren’t malicious by design but do annoying and inadvertently harmful things like track user behavior, accounted for 36 percent of all mobile
Direct to Full Text Report
Direct to Data Appendices