IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
Lifting the lid on major enterprise security threats
Thu, 4th Jun 2015
FYI, this story is more than a year old

Enterprises of today are facing an increasing number of zero-day attacks on mobile devices and networks, according to Check Point Software Technologies 2015 Security Report.

This is the company's third annual report and is based on collaborative research and analysis of more than 300,000 hours of monitored network traffic from more than 16,000 threat prevention gateways and 1 million smartphones.

The report looks at the security implications of mobility, virtualisation and other technologies; highlights the rise in targeted attacks and ‘hacktivism'; and reveals the major security threats impacting organisations today.

Key findings include:

Known and unknown malware is increasing exponentially

Last year brought the rise of malware at alarming rates - the 2015 report shows 106 unknown malware hit an organisation every hour, which is 48 times more than the 2.2 downloads per hour reported in 2013.

Unknown malware will continue to threaten the enterprise in the future, says Check Point.

According to the research, zero-day malware is even worse than unknown malware, as it's effectively built from scratch to exploit software vulnerabilities of which vendors aren't yet aware.

Cybercriminals are also continuing to use bots to amplify and accelerate the spread of malware, the report shows.

In fact, 83% of organisations studied were infected with bots in 2014, allowing constant communication and data sharing between these bots and their command and control servers.

Mobile devices are a company's biggest vulnerability

Mobile devices are the weak links in the security chain, providing easier direct access to more valuable organisational assets than any other intrusion point, says Check Point.

The research found that for an organisation with more than 2,000 devices on its network, there's a 50% chance that there are at least six infected or targeted mobile devices on their network.

Furthermore, 72% of IT providers agreed that their top mobile security challenge is securing corporate information, and 67% said their second biggest challenge is managing personal devices storing both corporate and personal data.

Corporate data is at risk, and being made aware of these risks is critical to taking the proper steps to secure mobile devices, says Check Point.

Using risky applications comes at a high price

Corporations frequently rely on applications to help their business be more organised and streamlined. However, these applications become vulnerable points of entry for businesses, Check Point says.

Some applications, such as file sharing, are obviously risky. The rise of ‘shadow IT', applications that aren't sponsored or supported by the central IT organisation, has led to even riskier business, Check Point says.

Research revealed that 96% of organisations studied used at least one high-risk application in 2014, a 10 point increase from the previous year.

Check Point research also unveiled that 12.7 high-risk application events happen every hour. This creates many opportunities for cybercriminals to access the corporate network, says Check Point.

Data loss is top of mind

Cybercriminals are not the only threat to the integrity and security of corporate data - just as quickly as a hacker could penetrate a network, in-network actions can also easily result in data loss, says Check Point.

The research found that 81% of the organisations analysed suffered a data loss incident, up 41% from 2013.

Data can unknowingly leak out of any organisation for a variety of reasons, most of those tied to current and past employee actions.

While most security strategies focus on protecting data from hackers coming in, it is equally important to protect data from the inside out, says Check Point.

"Today's cybercriminals are sophisticated and ruthless: they prey on the weaknesses in a network, approaching any security layer as an open invitation to try to hack it.

“In order to protect themselves against attacks, security professionals and organisations alike must understand the nature of the latest exploits and how their networks are potentially impacted," says Amnon Bar-Lev, Check Point Software Technologies president.

"Only by arming themselves with a combination of knowledge and strong security solutions can organisations truly protect themselves against these evolving threats.

“By making that security a critical asset to your business, you can turn security into an enabler. And in doing so, you're able to unlock innovation and foster an environment for high performance and productivity," he says.