Last week hackers stole the personal information of 4 million federal workers after the Office of Personnel Management and Interior Department were compromised. Another case of hacking was reported this week and this time the victim is the U. S. Army, which had to take down its website following this attack.
Almost every organization has a sound security infrastructure these days because of the ever-increasing threat of cyber-attacks. However, a large number of them are still vulnerable to today’s sophisticated attacks so the question is, “How can enterprises protect themselves against this dynamic threat landscape?”
A recent report by Webroot, a market leader in smarter security and collective intelligence, reveals current threat statistics, the reason behind today’s attacks, and how you can make your business foolproof against these threats. Let’s take a look at them.
Why Organizations are Still Vulnerable
According to Hal Lonas, CTO of Webroot, there are four reasons why organizations are still vulnerable:
- Outdated security practices (the most common reason).
- Lack of understanding and intelligence about today’s dynamic threat opportunities
- Inability to block previously unseen attacks
- Unavailability of tools to cut down time-to-detection for the breaches that have gone unnoticed
Here is a quick rundown of several key findings revealed in the report:
- 85,000 new malicious IPs are launched every day, and financial and technology companies remain top favorites as phishing targets
- Half of total malicious IP addresses are based in Asia. The U.S. accounts for 31% of malicious IP addresses, followed by China with 23%, Russia with 10%, and South Korea with 8%
- Spam sources hold the majority of all malicious IPs by threat type – approximately 90%
- 30% of internet users access phishing sites
- There is a 30% chance of internet users failing for a zero day phishing attack in the course of a year
- Only 28% of mobile apps on the Android Play Store were trustworthy or benign on an average
- The U.S. is the largest host of phishing sites
How Can Organizations Make Their Security Foolproof
It is essential for users and IT departments to have access to up-to-date intelligence on threats to their systems.
Today, we encounter much more advanced and smarter threats so it is important that your security controls adapt accordingly. That includes being aware of the categories of apps that are most likely to be malicious, the types of websites that are most often imitated in phishing attacks, and the latest malicious IPs.
According to Hal Lonas, an inevitable solution to combat both new and known threats is by implementing real-time, contextual, and predictive threat intelligence as a critical component in your defense-in-depth strategy.
Additionally, you should be more cautious about the websites you and your employees visit, the URLs accessed from emails, and the applications being used.
So how advanced is your security infrastructure? Are you ready to take advantage of collective threat intelligence to make your enterprise security foolproof? Please share your opinions in the comments below.