Websense Security Labs Publishes 2015 Threat Report
The Websense® Security Labs™ team has produced our annual Threat Report, the must-read analysis of what’s really happening in the cyber landscape.
The human and technical aspects of cyber threats changed dramatically in 2014. We saw new techniques blended with the old, resulting in highly evasive attacks. While vulnerabilities were found and exploited in old infrastructure standards, developments such as the Internet of Things have emerged to present a completely new set of infrastructure challenges.
There are eight trends definitely worth noting due to the significant risk they pose for data theft this year. These are reviewed across two categories: Human Behavioral Trends and Technique-based Trends, to examine who’s doing what and how they are doing it. Each of the two categories will look at 4 topics of interest, to include data on:
Cybercrime Just Got Easier: In this age of MaaS (Malware-as-a-Service), even entry-level threat actors can successfully create and launch data theft attacks due to greater access to exploit kits for rent, MaaS, and other opportunities to buy or subcontract portions of a complex, multi-stage attack. We review how 99.3 percent of malicious files used a Command & Control URL that has been previously used by one or more other malware samples and what this means for an attacker and a defender.
Something New or Déjà Vu?: Threat actors are blending old tactics, such as macros, in unwanted email with new evasion techniques. Old threats are being “recycled” into new threats launched through email and web channels, challenging the most robust defensive postures. We review how a business can adapt to protect itself from increasingly advanced threats and capable threat actors.
Digital Darwinism - Surviving Evolving Threats: Threat actors have focused on the quality of their attacks rather than quantity. Websense Security Labs observed 3.96 billion security threats in 2014, which was 5.1 percent less than 2013. Yet, the numerous breaches of high-profile organizations with huge security investments attest to the effectiveness of last year’s threats. We review what has changed in the threat landscape and what actions businesses can take to bolster their security posture.
Additional topics include how to face the challenge presented by the IT security skills shortage, how to build on infrastructure made brittle by OpenSSL Heartbleed and similar vulnerabilities, and how to handle the difficulties in correctly attributing an attack to an adversary.
Live Webcasts
We shall present our Threat Report 2015 in a series of webcasts, with key security experts discussing the past impact and future implications of these trends. Register now for your regional webcast, after which you will be a sent a copy of the report:
- NA: Tuesday, April 14, 11 a.m. PDT – register now >
- EMEA: Tuesday, April 14, 10:30 a.m. BST / 11:30 a.m. CEST – register now >
- APAC: Wednesday, April 15, 1 p.m. AEST – register now >
Download the 2015 Threat Report
To download the Websense 2015 Threat Report, visit http://www.websense.com/2015ThreatReport
