Solutionary Releases NTT Group 2014 Global Threat Intelligence Report


Every time a leading security company releases a report on their detailed research on the state of enterprise or personal security I hold my breath. Are things as bad as they seem? Are they getting worse? Are the white hats keeping up with the black hats?  When will the trends reverse direction? 

Getting answers to these is why I read the reports cover to cover. It is also why, since researchers come from different perspectives and look at different data sets, I like to recommend for download the ones that resonate. Such is the case with the release by Solutionary (a managed security services provider that since last August is an NTT Group security company) of the NTT Group 2014 Global Threat Intelligence Report (GTIR).  

The GTIR, developed using threat intelligence and attack data and contributions from the entire NTT Group security companies for the first time—which includes Solutionary, NTT Com Security, Dimension Data, NTT Innovation Institute and NTT Data—to put it mildly has amassed a wealth of information for IT professionals to evaluate.

Report finds getting security basics in place and having response plan are key to protection

This was a huge effort. More than 1,300 NTT security experts and researchers – from nine regions, seven R&D centers and 16 Security Operations Centers (SOC) around the world – collected and analyzed approximately three billion attacks during 2013 to produce the key findings in the GTIR. 

The report focuses on five critical areas of security:

  • Threat avoidance
  • Threat response
  • Threat detection
  • Investigative capabilities
  • Response capabilities  

What readers will find valuable is the detailed section on striking a balance of security costs versus the risks of not having the right protection. Also worth spending time on are the recommendations and strategies for minimizing the impact of threats and reducing the threat mitigation timeline which are conveyed in multiple charts and real-world case studies.

This is an extensive cataloging and analysis of the mischief perpetrated in 2013. In addition, as Solutionary points out, the primary objective of the 2014 GTIR is to emphasize to security professionals and C-level executives that the security basics, when done right, can be enough to mitigate and even avoid the high-profile, costly data breach altogether.

The report emphasizes that the best chance to reduce the impact of threats comes from combining threat avoidance and threat response capabilities into a strategic approach.

Rather than leave you in suspense, here are some of the key findings with brief notes on their impact:

  • Cost for a “minor” SQL injection attack exceeds $196,000 – Organizations must realize the true cost of an incident and learn how a small investment could reduce losses by almost 95 percent. Case Study: “Massive Data Exfiltration via SQL Injection”
  • Anti-virus fails to detect 54 percent of new malware collected by honeypots – Additionally, 71 percent of new malware collected from sandboxes was also undetected by over 40 different anti-virus solutions. This supports the premise that simple endpoint solutions must be augmented with network malware detection and purpose-built solutions.
  • 43 percent of incident response engagements were the result of malware – Missing anti-virus, anti-malware and effective lifecycle management of these basic controls were key factors in a significant portion of these engagements. Read the “Administrator Releases a Worm” case study to see how it cost one organization $109,000.
  • Botnet activity takes an overwhelming lead at 34 percent of events observed – Almost 50 percent of botnet activity detected in 2013 originated from U.S. based addresses. The fact that healthcare, technology and finance account for 60 percent of observed botnet activity reflects the information worker burden that accompanies these industries.
  • PCI assessed organizations are better at addressing perimeter vulnerabilities - Organizations performing quarterly external PCI Authorized Scanning Vendor assessments have a more secure vulnerability profile, as well as a faster remediation time (27 percent), than organizations performing unregulated assessments.
  • Healthcare has observed a 13 percent increase in botnet activity – Due to increased reliance on interconnected systems for the exchange and monitoring of health related data, more systems are potentially affected by malware.

Rob Kraus, director of research, Solutionary Security Engineering Research Team, stated that, “The 2014 GTIR underscores the importance of doing the basics right. It also backs it up with examples and findings that are both actionable for the deepest of security practitioners and succinct enough for the Fortune 100 CEO.”

To whet readers’ appetites, below is a graphic from the report that looks at attack types. There is a significant amount of granular data on these along with which markets are favorite targets. As Kraus explained to TMC, the bad news is what he called the “weaponization of vulnerabilities.” 

Source:  NTT Group 2014 Global Threat Intelligence Report (GTIR)

In discussing the report with TMC, Kraus made a few points about the survey that amplified the NTT concerning doing the basics. “Not only does the report show how many companies are not doing the basics—such as missing patches, mis-configuring servers, not have updated anti-virus capabilities, etc., which could mitigate a lot of risks—but even those doing the basics are not doing them well.” In fact, he noted that many of the problems detected by the researchers were developed by bad actors in the 2004-2011 time period and that solutions to them have been around for a while but have not been implemented by many IT departments.

“This does not mean that advanced detection and control capabilities are not advised. We believe that having the right and best tools to mitigate the greatest amount of risk is the path to follow, and that sophisticated protection, early detection, rapid validation and fast response must be the goal. However, it does mean that a significant amount of risk can be mitigated just by following simple common sense and staying on top of things,” Kraus explained. 

Kraus and his team hope readers will focus additional basic blocking and tackling items. These include: making sure your company has done a risk assessment; has an incident plan in place (surprising only 8-10 percent of companies have a tested plan in place); and had money put aside if there is an incident.

Kraus added that, “The GTIR highlights not just the importance of doing the basics well, but also understanding that this is as much about people and process as it is about technology. Organizations, for example, that do lifecycle management of their resources achieve a better security posture than those who don’t. Plus, once a security assessment has been done, those who understand that the financial commitment is to process and not to a project and hence set aside the resources needed to monitor and control things as the attacks continue to increase in frequency and sophistication are the ones best positioned to avoid potentially catastrophic consequences.”

As the first point about the cost of a “minor” SQL injection attack exceeding $196,000 illustrates, when bad things happen costs can run up very quickly, and this does not include the costs associated with things like the damage to brand reputation, legal liabilities and other collateral damage. It is also why this report is interesting reading not just for IT, but for C-levels across an enterprise.  

Edited by Cassandra Tucker
Related Articles

Coding and Invention Made Fun

By: Special Guest    10/12/2018

SAM is a series of kits that integrates hardware and software with the Internet. Combining wireless building blocks composed of sensors and actors con…

Read More

Facebook Marketplace Now Leverages AI

By: Paula Bernier    10/3/2018

Artificial intelligence is changing the way businesses interact with customers. Facebook's announcement this week is just another example of how this …

Read More

Oct. 17 Webinar to Address Apache Spark Benefits, Tools

By: Paula Bernier    10/2/2018

In the upcoming webinar "Apache Spark: The New Enterprise Backbone for ETL, Batch and Real-time Streaming," industry experts will offer details on clo…

Read More

It's Black and White: Cybercriminals Are Spending 10x More Than Enterprises to Control, Disrupt and Steal

By: Cynthia S. Artin    9/26/2018

In a stunning new report by Carbon Black, "Hacking, Escalating Attacks and The Role of Threat Hunting" the company revealed that 92% of UK companies s…

Read More

6 Challenges of 5G, and the 9 Pillars of Assurance Strategy

By: Special Guest    9/17/2018

To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…

Read More