Solutionary Releases NTT Group 2014 Global Threat Intelligence Report

By Peter Bernstein March 27, 2014

Every time a leading security company releases a report on their detailed research on the state of enterprise or personal security I hold my breath. Are things as bad as they seem? Are they getting worse? Are the white hats keeping up with the black hats?  When will the trends reverse direction? 

Getting answers to these is why I read the reports cover to cover. It is also why, since researchers come from different perspectives and look at different data sets, I like to recommend for download the ones that resonate. Such is the case with the release by Solutionary (a managed security services provider that since last August is an NTT Group security company) of the NTT Group 2014 Global Threat Intelligence Report (GTIR).  

The GTIR, developed using threat intelligence and attack data and contributions from the entire NTT Group security companies for the first time—which includes Solutionary, NTT Com Security, Dimension Data, NTT Innovation Institute and NTT Data—to put it mildly has amassed a wealth of information for IT professionals to evaluate.

Report finds getting security basics in place and having response plan are key to protection

This was a huge effort. More than 1,300 NTT security experts and researchers – from nine regions, seven R&D centers and 16 Security Operations Centers (SOC) around the world – collected and analyzed approximately three billion attacks during 2013 to produce the key findings in the GTIR. 

The report focuses on five critical areas of security:

  • Threat avoidance
  • Threat response
  • Threat detection
  • Investigative capabilities
  • Response capabilities  

What readers will find valuable is the detailed section on striking a balance of security costs versus the risks of not having the right protection. Also worth spending time on are the recommendations and strategies for minimizing the impact of threats and reducing the threat mitigation timeline which are conveyed in multiple charts and real-world case studies.

This is an extensive cataloging and analysis of the mischief perpetrated in 2013. In addition, as Solutionary points out, the primary objective of the 2014 GTIR is to emphasize to security professionals and C-level executives that the security basics, when done right, can be enough to mitigate and even avoid the high-profile, costly data breach altogether.

The report emphasizes that the best chance to reduce the impact of threats comes from combining threat avoidance and threat response capabilities into a strategic approach.

Rather than leave you in suspense, here are some of the key findings with brief notes on their impact:

  • Cost for a “minor” SQL injection attack exceeds $196,000 – Organizations must realize the true cost of an incident and learn how a small investment could reduce losses by almost 95 percent. Case Study: “Massive Data Exfiltration via SQL Injection”
  • Anti-virus fails to detect 54 percent of new malware collected by honeypots – Additionally, 71 percent of new malware collected from sandboxes was also undetected by over 40 different anti-virus solutions. This supports the premise that simple endpoint solutions must be augmented with network malware detection and purpose-built solutions.
  • 43 percent of incident response engagements were the result of malware – Missing anti-virus, anti-malware and effective lifecycle management of these basic controls were key factors in a significant portion of these engagements. Read the “Administrator Releases a Worm” case study to see how it cost one organization $109,000.
  • Botnet activity takes an overwhelming lead at 34 percent of events observed – Almost 50 percent of botnet activity detected in 2013 originated from U.S. based addresses. The fact that healthcare, technology and finance account for 60 percent of observed botnet activity reflects the information worker burden that accompanies these industries.
  • PCI assessed organizations are better at addressing perimeter vulnerabilities - Organizations performing quarterly external PCI Authorized Scanning Vendor assessments have a more secure vulnerability profile, as well as a faster remediation time (27 percent), than organizations performing unregulated assessments.
  • Healthcare has observed a 13 percent increase in botnet activity – Due to increased reliance on interconnected systems for the exchange and monitoring of health related data, more systems are potentially affected by malware.

Rob Kraus, director of research, Solutionary Security Engineering Research Team, stated that, “The 2014 GTIR underscores the importance of doing the basics right. It also backs it up with examples and findings that are both actionable for the deepest of security practitioners and succinct enough for the Fortune 100 CEO.”

To whet readers’ appetites, below is a graphic from the report that looks at attack types. There is a significant amount of granular data on these along with which markets are favorite targets. As Kraus explained to TMC, the bad news is what he called the “weaponization of vulnerabilities.” 

Source:  NTT Group 2014 Global Threat Intelligence Report (GTIR)

In discussing the report with TMC, Kraus made a few points about the survey that amplified the NTT concerning doing the basics. “Not only does the report show how many companies are not doing the basics—such as missing patches, mis-configuring servers, not have updated anti-virus capabilities, etc., which could mitigate a lot of risks—but even those doing the basics are not doing them well.” In fact, he noted that many of the problems detected by the researchers were developed by bad actors in the 2004-2011 time period and that solutions to them have been around for a while but have not been implemented by many IT departments.

“This does not mean that advanced detection and control capabilities are not advised. We believe that having the right and best tools to mitigate the greatest amount of risk is the path to follow, and that sophisticated protection, early detection, rapid validation and fast response must be the goal. However, it does mean that a significant amount of risk can be mitigated just by following simple common sense and staying on top of things,” Kraus explained. 

Kraus and his team hope readers will focus additional basic blocking and tackling items. These include: making sure your company has done a risk assessment; has an incident plan in place (surprising only 8-10 percent of companies have a tested plan in place); and had money put aside if there is an incident.

Kraus added that, “The GTIR highlights not just the importance of doing the basics well, but also understanding that this is as much about people and process as it is about technology. Organizations, for example, that do lifecycle management of their resources achieve a better security posture than those who don’t. Plus, once a security assessment has been done, those who understand that the financial commitment is to process and not to a project and hence set aside the resources needed to monitor and control things as the attacks continue to increase in frequency and sophistication are the ones best positioned to avoid potentially catastrophic consequences.”

As the first point about the cost of a “minor” SQL injection attack exceeding $196,000 illustrates, when bad things happen costs can run up very quickly, and this does not include the costs associated with things like the damage to brand reputation, legal liabilities and other collateral damage. It is also why this report is interesting reading not just for IT, but for C-levels across an enterprise.  

Edited by Cassandra Tucker
Related Articles

Why People Don't Update Their Computers

By: Special Guest    7/13/2018

When the WannaCry ransomware attacked companies all over the world in 2017, experts soon realized it was meant to be stopped by regular updating. Even…

Read More

More Intelligence About The New Intelligence

By: Rich Tehrani    7/9/2018

TMC recently announced the launch of three new artificial intelligence events under the banner of The New Intelligence. I recently spoke with TMC's Ex…

Read More

Technology, Innovation, and Compliance: How Businesses Approach the Digital Age

By: Special Guest    6/29/2018

Organizations must align internally to achieve effective innovation. Companies should consider creating cross-functional teams or, at a minimum, incre…

Read More

Contribute Your Brain Power to The New Intelligence

By: Paula Bernier    6/28/2018

The three events that are part of The New Intelligence are all about how businesses and service providers, and their customers, can benefit from artif…

Read More

TMC Launches The New Intelligence - an Unparalleled AI and Machine Learning Conference & Expo in Florida

By: TMCnet News    6/28/2018

TMC announced the launch of The New Intelligence conference and expo - The Event Powering the AI Revolution. This exciting new event will take place o…

Read More