
The current threat landscape for security and privacy vulnerabilities remains consistent in its ever-present and expanding dangers, but highly variable in the specific penetrations and intrusions. According to Mandiant, even companies that have made “responsible and sustained investments in IT” remain at risk.

The sources of attacks and intrusions range from pranksters and hacktivists to the more serious (and well-funded) members of organized crime and corporate, economic and nation-state spies. Mandiant reports that:

  • 100% of the victims they have surveyed have up-to-date anti-virus software installed;
  • Only one-third of security and privacy breaches are discovered by firms’ internal resources;
  • 63% of breaches are discovered by third parties;
  • The median number of days intruders or malware are on systems remains too high at 243 days; and
  • All of their reported breaches involved some sort of stolen credentials.

Verizon’s Breach Report revealed that cyber criminals are responsible for 83% of the data breaches discovered worldwide, although 58% of the data misappropriated was “the result of hacktivist activity.” Almost one-quarter of breaches were facilitated by feats of “Social Engineering,” in which unsuspecting employees inadvertently aid in a breach. Threats from the proliferation of mobile devices (driven by the increased acceptance of BYOD in corporate IT ecosystems) and the expansion of cloud-based services continue to increase the challenges that IT organizations and cyber security professionals must deal with on a daily basis. According to Cisco, mobile malware increased by over 2,500% during 2012.

The “National Vulnerability Database,” sponsored by the Department of Homeland Security’s National Cyber Security Division and the United States Computer Emergency Readiness Team, provides a wealth of information about vulnerability management, security measurement and issues of compliance. In addition, these databases provide detailed technical information about current threats, and they are updated on a daily basis.

 
