In 2016, the world’s biggest cyberthreats were related to money, information and a desire to disrupt. They included the underground trade of tens of thousands of compromised server credentials, hijacked ATM systems, ransomware and mobile banking malware – as well as targeted cyberespionage attacks and the hacking and dumping of sensitive data. These trends, their impact and the supporting data are covered in the annual Kaspersky Security BulletinReviewandStatisticsreports, published today.
In 2016 Kaspersky Lab research also discovered the extent to which companies struggle to quickly spot a security incident: 28.7% said it took them several days to discover such an event, while 19% admitted it took weeks or more. For a small but significant minority of 7.1%, it took months. Among those that struggled most, eventual discovery often came about through an external or internal security audit, or an alert from a third party, such as a client or a customer. Further details on how a delay in detection impacts business recovery costs can be found in the Executive Summary of the review.
“The number and range of cyberattacks and their victims seen in 2016 has put the subject of better detection at the top of the business agenda. Detection is now a complex process that requires security intelligence, a deep knowledge of the threat landscape, and the skills to apply that expertise to each individual organization. Our analysis of cyberthreats over the years has revealed both patterns and unique approaches. This accumulated understanding underpins our active defense tools, as we believe protection technologies should be powered by security intelligence. It also sits at the heart of our growing number of partnerships and collaborations. We use the past to prepare for the future, so that we can continue to protect our customers from undetected threats, before they do any harm,” said David Emm, Principal Security Researcher, Kaspersky Lab.
Threat Predictions 2017 available here.
Story of the Year: The Ransomware Revolution available here. It also includes advice on how to stay safe and why not to pay the ransom.
Review of the Year: Executive Summary, available on Securelist.
Reviewof the Year: Full Report, available here.
Statistics, available here.