This year a significant amount of security events such as WannaCry, Petya, and NotPetya occurred adversely affecting a wide variety of social and economic activities. To mitigate threats brought by such events IT and security teams have spared no effort in combating against such attacks for the security and protection of their organizations. It is worth noting that network attack events have resulted in an economic loss of up to $50- billion USD globally. With various new techniques and threat environments rapidly evolving it is necessary to constantly examine various practices, techniques, system configurations, and ecological environments to uphold the greatest security in-depth as possible.
In the era of the Internet of everything (IoE) there is no individual organization that is always 100% secure. Instead of being aggressive to completely prevent penetration and disclosure defenders tend to control the risks within the acceptable level to avoid the “broken window effect” which makes any security measure less effective leading to attacks at a higher success rate. To achieve an enhanced security level, defenders must assess the overall security posture and target systems to align security policies, best practices, and standardization with the assessment results. Moreover, executives and operating teams can use threat intelligence as an auxiliary means to determine their current security posture, observe threat actor motivations, and tune policy architecture accordingly.
Data shared by Gartner at the security summit in the Washington D.C suggested that in recent years an astonishing 300 million new malware strains have emerged exploiting dozens of known vulnerabilities. According to monitoring data analyzed during the first half of 2017, the number of exploitations of the top 10 vulnerabilities accounted for 50.8% of the total exploitations.
Threat intelligence provides a valuable reference for security teams to develop effective security protection policies and courses of action that permits for reduced time of exposure to vulnerabilities and thus maximize the return on investment for defenders. In this process, NSFOCUS would like to collaborate with organizations (including regulatory authorities, security vendors, and businesses) and individuals from all walks of life to tackle cyber threats and build a secure cyberspace.
To review a detailed breakdown of trends and statistical analysis on attack data pertaining to DDoS attacks, web security, threats & vulnerabilities, and ransomware click on the link below.
Download your free copy of NSFOCUS’s 2017 mid-year cybersecurity report here: