When it comes to keeping your enterprise systems secure your protection is only as good as its weakest link. DDoS attacks, spammers, malware writers, bandits and criminal gangs are working hard to undermine your protection and the battle never ends. Here are some reports from the frontline fight to keep IT secure.
your government might not be ready to fight hackers
67 percent of US government cybersecurity professionals don’t think their department is ready to fend off hackers, they revealed in a recent Meritalk survey. And 54 percent of users struggle to keep track of their passwords, the report points out.
123456 is the most popular password
Splashdata last year warned that 123456 had become the most widely used password of 2013, eclipsing the previously most popular password, which is “password”. A French citizen in 2012 accidentally breached the French Central Bank’s ‘secure’ servers over the phone using the password 123456. That breach triggered a 48-hour shutdown of the French credit history system.
160 million credit cards stolen
In one of the biggest data breaches ever seen, hackers targeted banks, payment processing companies and large retailers to steal over 160 million credit and debit card numbers. Five Russian and one Ukrainian hacker placed malware on the NASDAQ computer network, which enabled them to steal these log in credentials for over seven years. They took around $300 million in that time.
99 per cent of mobile malware targets Android
If you use Android devices you should beware: not only has Android malware increased by 600 percent in the last 12-months (Juniper), but almost one in every ten Android apps is partially or completely infected with malware (Cheetah Mobile). Cisco claims 99 percent of all mobile malware in 2013 was aimed at Android -- this has huge implications for mobile device security in your enterprise.
Java accounts for 91 percent of Web exploits
It is highly probable you use Oracle’s Java solution somewhere in your enterprise infrastructure, but did you know Java accounted for 91 percent of all identified Web exploits and 14 percent of all successful PC exploits in Cisco Systems' recent 2014 Annual Security Report? What’s worse, 76 percent of enterprises continue to use Java 6, which Oracle officially retired last year and no longer issues security updates for. Time to upgrade?
87 per cent of email is spam
The first spam email was accidentally sent in 1978 when DEC shipped a new computer and operating system. Things have moved on since then, now 247 billion emails are sent every day, but 87 per cent of these are spam – that’s around 214 billion spam emails daily. You don’t see all of these, of course – the majority are spotted and quarantined by spam filters.
there are 7,000 DDoS attacks each day
Malicious hackers launch over 7,000 Distributed Denial of Service (DDoS) attacks each day, according to Akamai Technologies’ Prolexic subsidiary. These attacks don’t just aim to knock Web sites offline, they can also damage communication systems, email servers, bill-pay applications and much more. These attacks pose a significant danger to businesses, governments and other organizations, Akamai warns.
hackers stole 1.2 billion passwords
Russian hackers used SQL Injection attacks to seize 1.2 billion passwords from poorly secured user databases on 420,000 Websites. Targeted sites included both big Fortune 500 organizations and small Websites. Many of these sites remain vulnerable. Successful SQL Injection attacks can yield all kinds of useful data, including credit card details and enterprise login data.
the largest botnet comprises 1.9 million computers
Perhaps the largest known existing botnet consists of 1.9 million slave computers gathered together by the ZeroAccess botnet. Once subverted these Windows PCs generate tens of millions of dollars each year in click fraud, while bitcoin mining on the botnet potentially uses up enough energy to power 110,000 homes each day. Security professionals remain unable to end this threat.
most Web apps are vulnerable
96 percent of all Web applications are vulnerable to cyber-attack, says Cenzic’s Application Security Trends Report 2014. The report warns that 23 percent of these Web app vulnerabilities can be used to get hold of user-specific data. Enterprise security pros should embrace continuous application monitoring rather than annual security assessments to protect against app security problems, the analysts warn.
US Nuclear agency fights 10 million hack attempts each day
In 2012, the National Nuclear Security Administration, an arm of the Energy Department, recorded 10 million attempted hacks. Less than one hundredth of a percent can be categorized as “successful attacks” the agency said – so a worrying 1,000 successful attacks daily…
underfunding undermines Internet security
The widely reported Heartbleed flaw in OpenSSL left most of the Internet vulnerable to an undetectable attack for two years before discovery in April 2014. The OpenSSL project is deeply underfunded and exists on just $2,000/year, meaning it lacks resources to check code adequately – and that’s a problem across the open source foundations of the Internet.
30 percent of online traffic comes from bad bots
Research from security firm Incapsula claims 61.5 percent of online traffic is generated by non-human entities, including search engine bots. It’s not just search engines, however: Incapsula warns that 30.5 percent of online traffic bad bots. These bad bots try to steal email addresses, post malware links, hijack Web servers and deface Websites, among other things.
cracking passwords is surprisingly easy
A typical home computer can guess an 11-character passcode in under two months. How long would it take to crack yours? Check that out for yourself using this powerful tool. Hackers use dictionaries of common words, phrases and character combinations to break security fast. Security expert Bruce Schneier recommends using a personally memorable sentence to turn into a password: “I like hot wine and cinnamon,” may become Ilkhotwac@7, for example.
We hope these stories help illustrate the multi-faceted nature of online security threats to enterprise and consumer computer users.
Security pros must protect their systems against all possible attacks across every single one of these attack vectors, thinking about everything from tough password protection and policy to monitoring for unauthorized traffic patterns on networks. The security challenge is immense, the threats ever-changing.
Please take a look at these pages to find out how Orange Business can help you protect your systems – and your enterprise – against such threats, known and unknown.
Jon Evans is a highly experienced technology journalist and editor. He has been writing for a living since 1994. These days you might read his daily regular Computerworld AppleHolic and opinion columns. Jon is also technology editor for men's interest magazine, Calibre Quarterly, and news editor for MacFormat magazine, which is the biggest UK Mac title. He's really interested in the impact of technology on the creative spark at the heart of the human experience. In 2010 he won an American Society of Business Publication Editors (Azbee) Award for his work at Computerworld.