50+ facts about state of cybersecurity in 2015
Marcos Ortiz (@marcosluis2186)
The worldwide CyberSecurity market is defined by
market sizing estimates that range from
$71 billion in 2014 to $155+ billion by 2019.
CyberSecurity Market Report Q2 2015 [1]
“Next generation” cybersecurity spending could
reach $15 billion to $20 billion
in the next 3 years.
CyberSecurity Market Report Q2 2015 [1]
Global spending on mobile and network security
estimated at $11 billion annually, and growing.
CyberSecurity Market Report Q2 2015 [1]
Cybercrime will cost Businesses
over $2 Trillion by 2019
Juniper Research's The Future of Cybercrime & Security: Financial and Corporate Threats & Mitigation [2]
Crime involving computers and networks has cost the world economy
more than $445 billion annually, according to a 2014 report by the
Center for Strategic and International Studies.
CyberSecurity Market Report Q2 2015 [1]
Demand for (U.S.) information security professionals
is expected to grow by 53% through
2018.
CyberSecurity Market Report Q2 2015 [1]
APAC spending on critical infrastructure security
is set to hit $22 billion (USD) by 2020
CyberSecurity Market Report Q2 2015 [1]
ABI Research calculates CyberSecurity spending for healthcare protection
will only reach $10 billion globally by 2020, just under
10% of total spend on critical infrastructure security.
CyberSecurity Market Report Q2 2015 [1]
According to CB Insights, in the last 5 years,
$7.3 billion has been invested into 1,208 private CyberSecurity startups.
CBInsights [3]
“In summary, based on my years of experience in the field of Telecommunications and Cyber Security,
I see this next generation of big data streaming analytics as perhaps the only solution that could
protect against future cyberattacks in enterprise, critical infrastructure, telecommunications
and even government computers and servers and massive applications, even down to
SCADA (Supervisory Control and Data Acquisition) systems including smart cities and the world
of IoT with 50B devices connected to the internet.”
Dr. Hossein Eslambolchi [4]
1 in 1000 devices are infected with mobile surveillance and Mobile Remote Access Trojans (mRATs)
Check Point Software Technologies Threat Research: “Targeted Attacks On Enterprise Mobile” [5]
42% of businesses suffered mobile security incidents costing more than $250,000 to remediate
Check Point Software Technologies's Security Report 2015 [6]
Out of tens of millions of devices, the number of ones infected with truly malicious exploits was negligible: 0.03%
Verizon's 2015 Data Breach Investigations Report [8]
5 B is the quantity of downloaded Android apps which are vulnerable to remote attacks like JBOH (JavaScript-Binding-Over-HTTP)
FireEye's Mobile Threat Assessment Report [9]
48% of Android apps have at least one high-risk security rating
FireEye's Mobile Threat Assessment Report [9]
44% of organizations do not manage corporate data on employee-owned devices
Check Point Software Technologies's Security Report 2015 [6]
33% of app developers do not test their apps for security
Check Point Software Technologies Security Report 2015 [6]
A 2011 viaForensics study found 83% of popular apps sampled stored data insecurely
NowSecure's Secure Mobile Development [10]
Top 10 most popular apps that don't encrypt data
Skyhigh Networks's How to Thwart Hackers and the NSA with Encryption [11]
Average number of cloud services in use by company: 923
Skyhigh Networks's Cloud Adoption & Risk Report Q1 2015 [13]
We found 8% of companies present a high cyber security risk to their partners
Skyhigh Networks's Cloud Adoption & Risk Report Q1 2015 [13]
But 29% of data shared with partners is uploaded to high-risk partners
Skyhigh Networks's Cloud Adoption & Risk Report Q1 2015 [13]
While 91% of providers encrypt data in transit between the cloud service and end user, just 10% encrypt data stored at rest in the cloud
Skyhigh Networks's Cloud Adoption & Risk Report Q1 2015 [13]
In 2013, the market for Cloud Security solutions was USD 3.47 B and is estimated to grow at a healthy rate of 16% till 2018
ResearchFox's Cloud Security Market – Outlook (2014-2018) [14]
90% of companies have security concerns about Cloud Computing and 36% of companies believe Cloud apps are less secure than on-premise apps
Bitglass's The Definitive Guide to Cloud Access Security Brokers [15]
13% of respondents say none of the security threat defenses used are administered through cloud-based services
Cisco's Annual Security Report 2015 [16]
83% of organizations studied were infected with bots, and a bot communicates with a C&C every minute
Check Point Technologies's Security Report 2015 [6]
70% of critical infrastructure companies suffered a security breach over the last year
SecurityWeek [17]
Open Source vulnerabilities like Heartbleed, Poodle and Shellshock
affected nearly every IT operation in the world
Check Point Technologies's Security Report 2015 [6]
Financial Trojans continue to be some of the most lucrative tools
for cybercrime gangs.
Symantec's Dyre: Emerging threat on financial fraud landscape [18]
400M estimated financial loss from 700M compromised records shows the real importance of managing data breach risks
Verizon's 2015 Data Breach Investigations Report [8]
95% of web app attacks involve harvesting credentials stolen from customer devices, then logging in to web apps with them
Verizon's 2015 Data Breach Investigations Report [8]
Many DDoS attacks rely on improperly secured services, such as NTP, DNS
and SSDP, which make it possible for attackers to spoof source IP addresses
Verizon's 2015 Data Breach Investigations Report [8]
NTP topped the list with max attack bandwidth hitting
325 Gbps, with SSDP jumping on the DoS boat for a
134 Gbps cruise
Verizon's 2015 Data Breach Investigations Report [8]
The adoption of IPv6 has introduced new attack vectors
for companies, because many threats previously considered mitigated in IPv4
were able to bypass firewalls and other security measures on IPv6
Akamai's Q1 2015 State of the Internet Report [19]
The two most observed web application attack vectors were
Local File Inclusion (LFI), at 66%, and SQL Injection (SQLi),
at 29%.
Akamai's Q1 2015 State of the Internet Report [19]
IoT is a key enabling technology for digital businesses.
Approximately 3.9 billion connected things were in use in 2014 and
this figure is expected to rise to 25 billion by 2020.
And while deployment is growing, there are factors slowing down the rate of adoption.
Gartner's Market Research [20]
IoT devices are actively penetrating some of the world's most regulated
industries including healthcare, energy infrastructure, government,
financial services and retail
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]
Some infrastructure hosting IoT data is susceptible to highly-publicized
and patchable vulnerabilities such as FREAK and Heartbleed
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]
While most IoT infrastructure is running on top of
modern service providers like Amazon, SoftLayer,
Verizon and others, OpenDNS Security Labs discovered that some
providers are also hosting malicious domains.
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]
Samsung Smart TVs use untrusted certificates for
its infolink.pavv.co.kr domain
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]
Healthcare, Retail, Higher Education and Oil & Gas
are the top industry verticals using
Dropcam devices
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]
Looking at our data, the top five autonomous systems
hosting IoT infrastructure sites are AS36351 (Softlayer
Technologies, Inc.), AS16509 (Amazon.com, Inc.),
AS702 (Verizon Business/UUnet Europe), AS14618 (Amazon.com, Inc.),
and AS54113 (Fastly).
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]
Another finding was that 184 unique FQDNs
were found to be susceptible to CVE-2015-0204,
more commonly referred to as the FREAK attack.
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]
A deep analysis of the widgets.iobridge.com FQDN using
Qualys SSL Labs' online scanner provided a poor result of Grade F
for SSL ciphers.
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]
A simple scan with nmap of the widgets.iobridge.com FQDN showed
many services that could potentially be
exploited to gain access to the Widget server
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]
Our data shows that not all wd2go.com domains are vulnerable,
however. Of the 70 unique MyCloud storage
endpoints, only 30 were found to
be vulnerable to CVE-2015-0204.
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]
Areas to watch:
WiFi jamming
Password strength, reuse and attack resistance
Unencrypted and unauthenticated comms
Misconfiguration of encryption
Synack's Home Automation Benchmarking Report [22]
“In our research at IOActive Labs, we constantly find very vulnerable technology being used across different industries. This same technology also is used for critical infrastructure without any security testing. Although cities usually rigorously test devices and systems for functionality, resistance to weather conditions, and so on, there is often little or no cyber security testing at all, which is concerning to say the least.”
Cerrudo's An Emerging US (and World) Threat: Cities Wide Open to CyberAttacks [23]
[1] CyberSecurity Market Report Q2 2015
[2] Juniper Research's The Future of Cybercrime & Security
[3] CBInsights
[4] Anomalytics & CyberSecurity in the 21st Century
[5] Check Point Threat Research's Targeted Attacks On Enterprise Mobile
[6] Check Point Software Technologies's Security Report 2015
[7] GData's Mobile Malware Report Q1 2015
[8] Verizon's 2015 Data Breach Investigations Report
[9] FireEye's Mobile Threat Assessment Report
[10] NowSecure's Secure Mobile Development
[11] Skyhigh Networks's How to Thwart Hackers and the NSA with Encryption
[12] Zimperium
[13] Skyhigh Networks's Cloud Adoption & Risk Report Q1 2015
[14] ResearchFox's Cloud Security Market – Outlook (2014-2018)
[15] Bitglass's The Definitive Guide to Cloud Access Security Brokers
[16] Cisco's Annual Security Report 2015
[17] SecurityWeek
[18] Symantec's Dyre: Emerging threat on financial fraud landscape
[19] Akamai's Q1 2015 State of the Internet Report
[20] Gartner's Market Research
[21] OpenDNS's The 2015 Internet of Things in the Enterprise Report
[22] Synack's Home Automation Benchmarking Report
[23] An Emerging US (and World) Threat: Cities Wide Open to CyberAttacks