Wipro Limited a leading global information technology, consulting and business process services company today announced the launch of its first ‘State of Cyber security Report, 2017’ which highlights the macro, micro and meso environmental trends in cyber security in 2016 and imminent disruptions that can affect future trends.
The ‘State of Cyber security Report, 2017’ was developed after interviewing the CISO teams of 139 organizations across various industry sectors. The survey covered 11 countries in North America, Europe, APAC, Middle East and South Asia to evaluate trends in current security practices and analyzing thousands of attempted security attacks and incidents captured in Wipro’s Cyber Defence Centres during 2016. A secondary research was also done on impending disruptions in the cyber security domain. The report has key takeaways for both executive management tasked by the board of respective companies to minimize cyber risks and for the security analyst teams that are battling daily attacks in various Security Operations Centres around the globe.
According to the report, 2016 saw an alarming 53.6% increase in the number of records stolen across the globe as opposed to 2015. Data breaches once made public, resulted immediately in high peaking of negative sentiments on social media against the enterprise concerned, indicates the post facto twitter sentiment analysis. 56% of breaches reported had user credentials (passwords) as part of the types of data stolen, implying that further damage could be perpetrated using the stolen data.
Another finding of the report highlights that at 33.3%, angler was the most observed exploit kit. Angler, RIG, Nuclear were some of the most common types of exploit kits used by cyber criminals.
According to the report, the Cyber Defence Center (CDC) data analysis points out that 56% of all the malware attacks that have taken place in 2016 were a result of Trojans. Likewise, viruses and worms accounted for 19% and 20% respectively. Other types of malware threat categories like PUA, adware and ransomware, together, though accounted for only 4% of attacks, often can lead to significant damages.
The study found that majority of the security products were themselves vulnerable to exploitation and CISOs will be required to keep track of vulnerabilities in the security products themselves.
Interestingly, emergence of new Internet of Everything “surfaces” like connected cameras, cars, health and industrial automation devices proves to be a great launch pad for the “hacking for hire” industry. The emerging IoT devices come with a low memory and processing footprint and usually accommodate very little security capabilities including patching. Such devices, once “online” with an IP address, are easy prey for sophisticated hacking syndicates. These syndicates can develop custom malware to take control of IoT devices en masse and use them as a launch pad for cyber-attacks. The report notes that the responsibility for governance of data privacy is still highly centralized, lying with either the CIO, CISO or CPO for 71% of organizations. Managing privileged access to data was ranked as the highest control amongst data security controls.
“Cyber security is becoming a top priority for businesses. It has become very critical to identify risks near real-time and empower stakeholders to take actions and decisions based on priority. The report highlights crucial findings on attacks, vulnerabilities and cyber defence that are useful for teams across cyber security strategy, operations and risk management,” said Sheetal Mehta, Vice President and Global Head, Cyber security & Risk Services, Wipro Limited.