50+ Facts About State of CyberSecurity in 2015

50+ facts about State
of
#CyberSecurity
in 2015
MarcosOrtiz(@marcosluis2186)
AGENDA
This is just a compendium

of the main facts, numbers and
stats
of CyberSecurity Industry
SCOPE
The facts are focused in 4

Sectors:
Cloud
Network
Mobile Security Security
Internet of
Things
GENERAL
FACTS
Theworldwide
CyberSecuritymarketisdefinedby
market
sizingestimates
thatrangefrom
$71billionin
2014to$155+billionby2019.
CyberSecurityMarketReportQ22015[1]
Nextgenerationcybersecurity
spendingcould
reach$15billion
to$20billion
inthenext3years.
Globalspendingonmobile
andnetworksecurity
estimatedat$11billionannually,
andgrowing.
Cybercrimewill
costBusinesses
over$2Trillionby
2019
JuniperResearch'sTheFutureofCybercrime&Security:Financialand
CorporateThreats&Mitigation[2]
Crimeinvolvingcomputersandnetworks
hascosttheworldeconomy
morethan$445billionannually,
accordingtoa2014reportbythe
CenterforStrategicand
InternationalStudies.
Demandfor(U.S.)
informationsecurityprofessionals
isexpectedtogrow
by53%through
2018.
APACspending
oncriticalinfrastructuresecurity
issettohit$22billion(USD)
by2020
ABIResearchcalculatesCyberSecurity
spendingforhealthcareprotection
willonlyreach$10billion
globallyby2020,justunder
10%oftotalspendon
criticalinfrastructuresecurity.
AccordingtoCBInsights,
inthelast5years,
$7.3billionhasbeeninvestedinto
1,208privateCyberSecuritystartups.
CBInsights[3]
Insummary,basedonmyyearsofexperienceinthefieldof
TelecommunicationsandCyberSecurity,
Iseethisnextgenerationofbigdatastreaminganalytics
asperhapstheonlysolutionthatcould
protectagainstfuturecyberattacksinenterprise,
criticalinfrastructure,telecommunications
andevengovernmentcomputersandserversand
massiveapplications,evendownto
SCADA(SupervisoryControlandDataAcquisition)
systemsincludingsmartcitiesandtheworld
ofIoTwith50Bdevicesconnectedtotheinternet.
Dr.HosseinEslambolchi[4]
MOBILE
devicesare
infected
With
Mobilesurveillanceand
MobileRemoteAccessTrojans
(mRATs)
1 in 1000
CheckPointSoftwareTechnologiesThreatResearch:TargetedAttacks
OnEnterpriseMobile[5]
42%
ofbusinessessuffered
Mobile
Securityincidents
costing
more
than$250,000
toremediate
CheckPointSoftwareTechnologies'sSecurityReport2015[6]
4,900
newAndroid
Malware
Samples
everyday
GData'sMobileMalwareReportQ12015[7]
0,03%
OutofTenofMillionsof
devices,thenumberof
onesinfectedwith
trulymaliciousexploits
wasnegligible
Verizon's2015DataBreachInvestigationsReport[8]
5B
IstheQuantityofdownloaded
Android
appswhicharevulnerable
toremoteattackslike
JBOH
(JavaScriptBindingOverHTTP)
FireEye'sMobileThreatAssessmentReport[9]
48 %
ofAndroidappshave
atleastone
highrisksecurityrating
44%
Oforganizationsdonot
manage
corporatedataon
Employeeowned
devices
CheckPointSoftwareTechnologies'sSecurityReport2015[6]
33%
Ofappdevelopers
donottesttheirapps
forSecurity
CheckPointSoftwareTechnologiesSecurityReport2015[6]
5B
IstheQuantityofdownloaded
Android
appswhicharevulnerable
toremoteattackslike
JBOH
(JavaScriptBindingOverHTTP)
83%
A2011viaForensics
study
found
ofpopularapps
sampled
storeddatainsecurely
NowSecure'sSecureMobileDevelopment[10]
Top 10
MostPopular
Apps
that'sdon'tencrypt
data
SkyhighNetworks'sHowtoThwartHackersandtheNSAwithEncryption[11]
95%
ofAndroiddevices
couldbeaffected
by
dangerousStagefright
bug
Zimperium[12]
CLOUD
SECURITY
923
Averagenumberof
Cloudservices
inuseby
company
SkyhighNetworks'sCloudAdoption&RiskReportQ12015[13]
8%
Wefoundofcompanies
presentahighcyber
Securityrisk
totheirpartners
29%
Butofdatashared
withpartners
isuploaded
tohighriskpartners
10%
Whileof91%providers
encryptdataintransit
betweenthecloudservice
andenduser,just
encryptdatastoredatrest
inthecloud
In2013,
ThemarketforCloudSecurity
solutionswasUSD
andisestimatedto
growatahealthy
rateof16%till2018
3.47 B
ResearchFox'sCloudSecurityMarketOutlook(20142018)[14]
90%ofcompanies
havesecurityconcernsabout
CloudComputingand
36%ofcompanies
believeCloudappsarelesssecure
thanonpremiseapps
Bitglass'sTheDefinitiveGuidetoCloudAccessSecurityBrokers[15]
Ofrespondents,
saynoneofthesecuritythreat
defensesusedare
administered
throughcloudbased
services
13%
Cisco'sAnnualSecurityReport2015[16]
NETWORK
SECURITY
83%
Oforganizations
studiedwereinfected
Withbots.
andabotcommunicates
withaC&Ceveryminute
CheckPointTechnologies'sSecurityReport2015[6]
48
DdoSattacksocurred
everydayin2014
70%
ofcriticalinfrastructure
companies
sufferedasecuritybreach
overthelastyear
SecurityWeek[17]
OpenSourcevulnerabilities
likeHeartbleed,PoodleandShellshock
affectednearlyeveryIToperation
intheworld
FinancialTrojanscontinuetobesome
ofthemostlucrativetools
forcybercrimegangs.
Symantec'sDyre:Emergingthreatonfinancialfraudlandscape[18]
Estimatedfinanciallost
from700Mcompromised
recordsshows
therealimportance
ofmanagingdatabreachrisks
400M
Verizon's2015DataInvestigationsReport[8]
OfWebAppsattacks
involveharvesting
credentialsstolenfrom
customerdevices,then
loggingtowebappswiththem
95%
Akamai'sQ12015StateoftheInternetReport[19]
ManyDdoSrelyonimproperly
securedservices,suchasNTP,DNS
andSSDP,whichmakeitpossible
forattackerstospoofsourceIPaddress
NTPtoppedthelistwith
maxattackbandwidthhitting
325Gbps,withSSDP
jumpingontheDoSboatfora
134Gbpscruise
TheadoptionofIPv6hasintroduced
newattackvectors
forcompanies,becausemanythreats
previouslyconsideredmitigatedinIPv4
wereabletobypassfirewallsandother
SecuritymeasuresonIPv6
Thetwomostobservedwebapplication
attackvectorswere
LocalFileInclusion(LFI),at66%,
andSQLInjection(SQLi),
at29%.
INTERNET
OF
THINGS
IoTisakeyenablingtechnology
fordigitalbusinesses.
Approximately3.9billionconnected
thingswereinusein2014and
thisfigure
isexpectedtoriseto25billionby2020.
Andwhiledeploymentisgrowing,
therearefactorsslowingdowntherateofadoption.
Gartner'sMarketResearch[20]
IoTdevicesareactivelypenetrating
someoftheworld'smostregulated
industriesincludinghealthcare,
energyinfrastructure,government,
Financialservicesandretail
OpenDNS'sThe2015InternetofThingsintheEnterpriseReport[21]
SomeinfrastructurehostingIoTdata
aresusceptibletohighlypublicized
andpatchablevulnerabilitiessuchas
FREAKandHeartbleed
WhilemostIoTinfrastructure
isrunningontopof
modernserviceproviderslike
Amazon,SoftLayer,
Verizonandothers,OpenDNSSecurityLabs
discoveredthatsome
providersarealsohostingmalicious
domains.
SamsungSmartTVsuseuntrusted
certificatesfor
Itsinfolink.pavv.co.kr
domain
Healthcare,Retail,
HighEducationandOil&Gas
arethe
TopIndustryVerticalsusing
Dropcamdevices
Lookingatourdata,
thetopfiveautonomoussystems
hostingIoTinfrastructuresitesare
AS36351(Softlayer
Technologies,Inc.),
AS16509(Amazon.com,Inc.),
AS702(VerizonBusiness/UUnetEurope),
AS14618(Amazon.
com,Inc.),
andAS54113(Fastly).
Anotherfindingwasthat
184uniqueFQDNs
werefoundtobesusceptible
toCVE20150204
morecommonly
referredtoasthetheFREAKattack.
Adeepanalysisofthe
widgets.iobridge.comFQDNusing
QualysSSLLabs'onlinescanner
providedapoorresultofGradeF
forSSLciphers.
Asimplescanwithnmapofthe
widgets.iobridge.comFQDNshowed
theresultof
manyservicesthatcouldbepotentially
exploitedtogainaccesstothe
Widgetserver
Ourdatashowsthatnotallwd2go.com
domainsarevulnerable,
However.
ofthe70uniqueMyCloudstorage
endpoints,
only30werefoundto
bevulnerabletoCVE20150204.
Areastowatch:
WIFIJamming
Passwordstrengh,Reuseand
AttackResistance
Unencryptedandunauthenticatedcomms
MisconfigurationofEncryption
Synack'sHomeAutomationBenchmarkingReport[22]
Areastowatch:
WIFIJamming
Passwordstrengh,Reuseand
AttackResistance
Unencryptedandunauthenticatedcomms
MisconfigurationofEncryption
Synack'sHomeAutomationBenchmarkingReport[22]
InourresearchatIOActiveLabs,weconstantlyfind
veryvulnerabletechnologybeingused
acrossdifferentindustries.Thissametechnologyalso
isusedforcriticalinfrastructurewithout
anysecuritytesting.Althoughcitiesusually
rigorouslytestdevicesandsystemsforfunctionality,
resistancetoweatherconditions,andsoon,
thereisoftenlittleornocybersecuritytestingatall,
whichisconcerningtosaytheleast.
Cerrudo'sAnEmergingUS(andWorld)Threat:CitiesWideOpentoCyberAttacks[23]
DATA
EXTRACTED
FROM
LINKS
[1]CyberSecurityMarketReportQ22015
[2]JuniperResearch'sTheFutureofCybercrime&Security
[3]CBInsights
[4]Anomalytics&CyberSecurityinthe21stCentury
[5]CheckPointThreatResearchsTargetedAttacksOnEnterpriseMobile
[6]CheckPointSoftwareTechnologies'sSecurityReport2015
[7]GData'sMobileMalwareReportQ12015
[8]Verizon's2015DataBreachInvestigationsReport
[9]FireEye'sMobileThreatAssessmentReport
[10]NowSecure'sSecureMobileDevelopment
[11]SkyhighNetworks'sHowtoThwartHackersandtheNSAwithEncryption
[12]Zimperium
[13]SkyhighNetworks'sCloudAdoption&RiskReportQ12015
[14]ResearchFox'sCloudSecurityMarketOutlook(20142018)
[15]Bitglass'sTheDefinitiveGuidetoCloudAccessSecurityBrokers
[16]Cisco'sAnnualSecurityReport2015
[17]SecurityWeek
[18]Symantec'sDyre:Emergingthreatonfinancialfraudlandscape
[19]Akamai'sQ12015StateoftheInternetReport
[20]Gartner'sMarketResearch
[21]OpenDNS'sThe2015InternetofThingsintheEnterpriseReport
[22]Synack'sHomeAutomationBenchmarkingReport
[23]AnEmergingUS(andWorld)Threat:CitiesWideOpentoCyberAttacks

50+ Facts About State of CyberSecurity in 2015

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

50+ Facts About State of CyberSecurity in 2015

Diunggah oleh

Hak Cipta:

Format Tersedia

50+ facts about State

This is just a compendium

The facts are focused in 4

Anda mungkin juga menyukai