The report focuses on five critical areas of security: Threat avoidance, threat response, threat detection, investigative and response capabilities.
A key portion of the report is dedicated to business and security leaders concerned with balancing cost and risk. Recommendations and strategies for minimizing the impact of threats and reducing the threat mitigation timeline are conveyed in multiple charts and real-world case studies.
Key findings in the 2014 GTIR include:
Cost for a 'minor' SQL injection attack exceeds $196,000 – Organizations must realize the true cost of an incident and learn how a small investment could reduce losses by almost 95 per cent. Case Study: “Massive Data Exfiltration via SQL Injection”.
Anti-virus fails to detect 54 per cent of new malware collected by honeypots - Additionally, 71 per cent of new malware collected from sandboxes was also undetected by over 40 different anti-virus solutions. This supports the premise that simple endpoint solutions must be augmented with network malware detection and purpose-built solutions.
43 per cent of incident response engagements were the result of malware - Missing anti-virus, anti-malware and effective lifecycle management of these basic controls were key factors in a significant portion of these engagements. Read the “Administrator Releases a Worm” case study to see how it cost one organization $109,000.
Botnet activity takes an overwhelming lead at 34 percent of events observed - Almost 50 per cent of botnet activity detected in 2013 originated from US based addresses. The fact that healthcare, technology and finance account for 60 per cent of observed botnet activity reflects the information worker burden that accompanies these industries.
PCI assessed organizations are better at addressing perimeter vulnerabilities - Organizations performing quarterly external PCI Authorized Scanning Vendor (ASV) assessments have a more secure vulnerability profile, as well as a faster remediation time (27 per cent), than organizations performing unregulated assessments.
Healthcare has observed a 13 per cent increase in botnet activity - Due to increased reliance on interconnected systems for the exchange and monitoring of health related data, more systems are potentially affected by malware.
The GTIR was developed using threat intelligence and attack data from the NTT Group companies - Solutionary, NTT Com Security, Dimension Data, NTT Data and support from NTT R&D. The key findings in the GTIR are a result of the analysis of approximately three billion worldwide attacks over the course of 2013. The data analysed for this report was collected from 16 Security Operations Centers (SOC) and seven R&D centers with more than 1,300 NTT security experts and researchers from around the world.