50+ facts about state of cybersecurity in 2015
DESCRIPTION
This is a quick review of the State of CyberSecurity industry in 2015, using insights and data from leader companies in the industry like Check Point Software Technologies, Cisco, Akamai, NowSecure, OpenDNS, Skyhigh Networks and more. The scope of the report is focused in four sectors: Mobile, Internet of Things, Cloud Security and Network Security.http://www.slideshare.net/marcosluis2186/50-facts-about-state-of-cybersecurity-in-2015TRANSCRIPT
-
MarcosOrtiz(@marcosluis2186)
50+ facts about State of
#CyberSecurity in 2015
-
AGENDA
-
This is just a compendiumof the main facts, numbers and
statsof CyberSecurity Industry
-
SCOPE
-
The facts are focused in 4Sectors:
Mobile
Cloud
Security
Network Security
Internet of Things
-
GENERALFACTS
-
TheworldwideCyberSecuritymarketisdefinedby
marketsizingestimatesthatrangefrom$71billionin
2014to$155+billionby2019.
CyberSecurityMarketReportQ22015[1]
-
Nextgenerationcybersecurityspendingcould
reach$15billionto$20billion
inthenext3years.
CyberSecurityMarketReportQ22015[1]
-
Globalspendingonmobileandnetworksecurity
estimatedat$11billionannually,andgrowing.
CyberSecurityMarketReportQ22015[1]
-
CybercrimewillcostBusinesses
over$2Trillionby2019
JuniperResearch'sTheFutureofCybercrime&Security:FinancialandCorporateThreats&Mitigation[2]
-
Crimeinvolvingcomputersandnetworkshascosttheworldeconomy
morethan$445billionannually,accordingtoa2014reportbythe
CenterforStrategicandInternationalStudies.CyberSecurityMarketReportQ22015[1]
-
Demandfor(U.S.)informationsecurityprofessionals
isexpectedtogrowby53%through
2018.
CyberSecurityMarketReportQ22015[1]
-
APACspendingoncriticalinfrastructuresecurityissettohit$22billion(USD)
by2020
CyberSecurityMarketReportQ22015[1]
-
ABIResearchcalculatesCyberSecurityspendingforhealthcareprotection
willonlyreach$10billiongloballyby2020,justunder
10%oftotalspendoncriticalinfrastructuresecurity.
CyberSecurityMarketReportQ22015[1]
-
AccordingtoCBInsights,inthelast5years,
$7.3billionhasbeeninvestedinto1,208privateCyberSecuritystartups.
CBInsights[3]
-
Insummary,basedonmyyearsofexperienceinthefieldofTelecommunicationsandCyberSecurity,
Iseethisnextgenerationofbigdatastreaminganalyticsasperhapstheonlysolutionthatcould
protectagainstfuturecyberattacksinenterprise,criticalinfrastructure,telecommunications
andevengovernmentcomputersandserversandmassiveapplications,evendownto
SCADA(SupervisoryControlandDataAcquisition)systemsincludingsmartcitiesandtheworld
ofIoTwith50Bdevicesconnectedtotheinternet.
Dr.HosseinEslambolchi[4]
-
MOBILE
-
devicesareinfected
WithMobilesurveillanceand
MobileRemoteAccessTrojans(mRATs)
1 in 1000
CheckPointSoftwareTechnologiesThreatResearch:TargetedAttacksOnEnterpriseMobile[5]
-
ofbusinessessufferedMobile
Securityincidentscosting
morethan$250,000
toremediate
42% CheckPointSoftwareTechnologies'sSecurityReport2015[6]
-
newAndroidMalwareSampleseveryday4,900
GData'sMobileMalwareReportQ12015[7]
-
OutofTenofMillionsofdevices,thenumberof
onesinfectedwithtrulymaliciousexploits
wasnegligible0,03% Verizon's2015DataBreachInvestigationsReport[8]
-
IstheQuantityofdownloadedAndroid
appswhicharevulnerabletoremoteattackslike
JBOH(JavaScriptBindingOverHTTP)
5 B FireEye'sMobileThreatAssessmentReport[9]
-
ofAndroidappshaveatleastone
highrisksecurityrating48 % FireEye'sMobileThreatAssessmentReport[9]
-
Oforganizationsdonotmanage
corporatedataonEmployeeowned
devices
44% CheckPointSoftwareTechnologies'sSecurityReport2015[6]
-
Ofappdevelopersdonottesttheirapps
forSecurity33%
CheckPointSoftwareTechnologiesSecurityReport2015[6]
-
IstheQuantityofdownloadedAndroid
appswhicharevulnerabletoremoteattackslike
JBOH(JavaScriptBindingOverHTTP)
5 B FireEye'sMobileThreatAssessmentReport[9]
-
A2011viaForensicsstudyfound
ofpopularappssampled
storeddatainsecurely
83% NowSecure'sSecureMobileDevelopment[10]
-
MostPopularApps
that'sdon'tencryptdataTop 10
SkyhighNetworks'sHowtoThwartHackersandtheNSAwithEncryption[11]
-
ofAndroiddevicescouldbeaffected
bydangerousStagefright
bug95% Zimperium[12]
-
CLOUDSECURITY
-
AveragenumberofCloudservices
inusebycompany
923 SkyhighNetworks'sCloudAdoption&RiskReportQ12015[13]
-
Wefoundofcompaniespresentahighcyber
Securityrisktotheirpartners
8% SkyhighNetworks'sCloudAdoption&RiskReportQ12015[13]
-
Butofdatasharedwithpartnersisuploaded
tohighriskpartners29%
SkyhighNetworks'sCloudAdoption&RiskReportQ12015[13]
-
Whileof91%providersencryptdataintransit
betweenthecloudserviceandenduser,just
encryptdatastoredatrestinthecloud
10% SkyhighNetworks'sCloudAdoption&RiskReportQ12015[13]
-
In2013,ThemarketforCloudSecurity
solutionswasUSDandisestimatedtogrowatahealthy
rateof16%till2018
3.47 B ResearchFox'sCloudSecurityMarketOutlook(20142018)[14]
-
90%ofcompanieshavesecurityconcernsabout
CloudComputingand36%ofcompanies
believeCloudappsarelesssecurethanonpremiseapps
Bitglass'sTheDefinitiveGuidetoCloudAccessSecurityBrokers[15]
-
Ofrespondents,saynoneofthesecuritythreat
defensesusedareadministered
throughcloudbasedservices
13% Cisco'sAnnualSecurityReport2015[16]
-
NETWORKSECURITY
-
Oforganizationsstudiedwereinfected
Withbots.andabotcommunicates
withaC&Ceveryminute83% CheckPointTechnologies'sSecurityReport2015[6]
-
DdoSattacksocurredeverydayin201448
CheckPointTechnologies'sSecurityReport2015[6]
-
ofcriticalinfrastructurecompanies
sufferedasecuritybreachoverthelastyear
70% SecurityWeek[17]
-
OpenSourcevulnerabilitieslikeHeartbleed,PoodleandShellshock
affectednearlyeveryIToperationintheworld
CheckPointTechnologies'sSecurityReport2015[6]
-
FinancialTrojanscontinuetobesomeofthemostlucrativetools
forcybercrimegangs.
Symantec'sDyre:Emergingthreatonfinancialfraudlandscape[18]
-
Estimatedfinanciallostfrom700Mcompromised
recordsshowstherealimportance
ofmanagingdatabreachrisks400M
Verizon's2015DataInvestigationsReport[8]
-
OfWebAppsattacksinvolveharvesting
credentialsstolenfromcustomerdevices,then
loggingtowebappswiththem
95% Verizon's2015DataInvestigationsReport[8]
-
Akamai'sQ12015StateoftheInternetReport[19]
-
Akamai'sQ12015StateoftheInternetReport[19]
-
ManyDdoSrelyonimproperlysecuredservices,suchasNTP,DNSandSSDP,whichmakeitpossible
forattackerstospoofsourceIPaddress
Verizon's2015DataInvestigationsReport[8]
-
NTPtoppedthelistwithmaxattackbandwidthhitting
325Gbps,withSSDPjumpingontheDoSboatfora
134Gbpscruise
Verizon's2015DataInvestigationsReport[8]
-
TheadoptionofIPv6hasintroducednewattackvectors
forcompanies,becausemanythreatspreviouslyconsideredmitigatedinIPv4wereabletobypassfirewallsandother
SecuritymeasuresonIPv6
Akamai'sQ12015StateoftheInternetReport[19]
-
Thetwomostobservedwebapplicationattackvectorswere
LocalFileInclusion(LFI),at66%,andSQLInjection(SQLi),
at29%.
Akamai'sQ12015StateoftheInternetReport[19]
-
INTERNETOF
THINGS
-
IoTisakeyenablingtechnologyfordigitalbusinesses.
Approximately3.9billionconnectedthingswereinusein2014and
thisfigureisexpectedtoriseto25billionby2020.
Andwhiledeploymentisgrowing,therearefactorsslowingdowntherateofadoption.
Gartner'sMarketResearch[20]
-
IoTdevicesareactivelypenetratingsomeoftheworld'smostregulated
industriesincludinghealthcare,energyinfrastructure,government,
Financialservicesandretail
OpenDNS'sThe2015InternetofThingsintheEnterpriseReport[21]
-
SomeinfrastructurehostingIoTdataaresusceptibletohighlypublicizedandpatchablevulnerabilitiessuchas
FREAKandHeartbleed
OpenDNS'sThe2015InternetofThingsintheEnterpriseReport[21]
-
WhilemostIoTinfrastructureisrunningontopof
modernserviceproviderslikeAmazon,SoftLayer,
Verizonandothers,OpenDNSSecurityLabsdiscoveredthatsome
providersarealsohostingmaliciousdomains.
OpenDNS'sThe2015InternetofThingsintheEnterpriseReport[21]
-
SamsungSmartTVsuseuntrustedcertificatesfor
Itsinfolink.pavv.co.krdomain
OpenDNS'sThe2015InternetofThingsintheEnterpriseReport[21]
-
Healthcare,Retail,HighEducationandOil&Gas
aretheTopIndustryVerticalsusing
Dropcamdevices
OpenDNS'sThe2015InternetofThingsintheEnterpriseReport[21]
-
Lookingatourdata,thetopfiveautonomoussystems
hostingIoTinfrastructuresitesareAS36351(SoftlayerTechnologies,Inc.),
AS16509(Amazon.com,Inc.),AS702(VerizonBusiness/UUnetEurope),
AS14618(Amazon.com,Inc.),
andAS54113(Fastly).
OpenDNS'sThe2015InternetofThingsintheEnterpriseReport[21]
-
Anotherfindingwasthat184uniqueFQDNs
werefoundtobesusceptibletoCVE20150204morecommonly
referredtoasthetheFREAKattack.
OpenDNS'sThe2015InternetofThingsintheEnterpriseReport[21]
-
Adeepanalysisofthewidgets.iobridge.comFQDNusing
QualysSSLLabs'onlinescannerprovidedapoorresultofGradeF
forSSLciphers.
OpenDNS'sThe2015InternetofThingsintheEnterpriseReport[21]
-
Asimplescanwithnmapofthewidgets.iobridge.comFQDNshowed
theresultofmanyservicesthatcouldbepotentially
exploitedtogainaccesstotheWidgetserver
OpenDNS'sThe2015InternetofThingsintheEnterpriseReport[21]
-
Ourdatashowsthatnotallwd2go.comdomainsarevulnerable,
However.ofthe70uniqueMyCloudstorage
endpoints,only30werefoundto
bevulnerabletoCVE20150204.
OpenDNS'sThe2015InternetofThingsintheEnterpriseReport[21]
-
Areastowatch:WIFIJamming
Passwordstrengh,ReuseandAttackResistance
UnencryptedandunauthenticatedcommsMisconfigurationofEncryption
Synack'sHomeAutomationBenchmarkingReport[22]
-
Areastowatch:WIFIJamming
Passwordstrengh,ReuseandAttackResistance
UnencryptedandunauthenticatedcommsMisconfigurationofEncryption
Synack'sHomeAutomationBenchmarkingReport[22]
-
InourresearchatIOActiveLabs,weconstantlyfindveryvulnerabletechnologybeingusedacrossdifferentindustries.Thissametechnologyalsoisusedforcriticalinfrastructurewithoutanysecuritytesting.Althoughcitiesusuallyrigorouslytestdevicesandsystemsforfunctionality,resistancetoweatherconditions,andsoon,thereisoftenlittleornocybersecuritytestingatall,whichisconcerningtosaytheleast.
Cerrudo'sAnEmergingUS(andWorld)Threat:CitiesWideOpentoCyberAttacks[23]
-
DATAEXTRACTED
FROM
-
LINKS
-
[1]CyberSecurityMarketReportQ22015[2]JuniperResearch'sTheFutureofCybercrime&Security[3]CBInsights[4]Anomalytics&CyberSecurityinthe21stCentury[5]CheckPointThreatResearchsTargetedAttacksOnEnterpriseMobile[6]CheckPointSoftwareTechnologies'sSecurityReport2015[7]GData'sMobileMalwareReportQ12015[8]Verizon's2015DataBreachInvestigationsReport
-
[9]FireEye'sMobileThreatAssessmentReport[10]NowSecure'sSecureMobileDevelopment[11]SkyhighNetworks'sHowtoThwartHackersandtheNSAwithEncryption[12]Zimperium[13]SkyhighNetworks'sCloudAdoption&RiskReportQ12015[14]ResearchFox'sCloudSecurityMarketOutlook(20142018)[15]Bitglass'sTheDefinitiveGuidetoCloudAccessSecurityBrokers[16]Cisco'sAnnualSecurityReport2015
-
[17]SecurityWeek[18]Symantec'sDyre:Emergingthreatonfinancialfraudlandscape[19]Akamai'sQ12015StateoftheInternetReport[20]Gartner'sMarketResearch[21]OpenDNS'sThe2015InternetofThingsintheEnterpriseReport[22]Synack'sHomeAutomationBenchmarkingReport[23]AnEmergingUS(andWorld)Threat:CitiesWideOpentoCyberAttacks
Slide 1Slide 2Slide 3Slide 4Slide 5Slide 6Slide 7Slide 8Slide 9Slide 10Slide 11Slide 12Slide 13Slide 14Slide 15Slide 16Slide 17Slide 18Slide 19Slide 20Slide 21Slide 22Slide 23Slide 24Slide 25Slide 26Slide 27Slide 28Slide 29Slide 30Slide 31Slide 32Slide 33Slide 34Slide 35Slide 36Slide 37Slide 38Slide 39Slide 40Slide 41Slide 42Slide 43Slide 44Slide 45Slide 46Slide 47Slide 48Slide 49Slide 50Slide 51Slide 52Slide 53Slide 54Slide 55Slide 56Slide 57Slide 58Slide 59Slide 60Slide 61Slide 62Slide 63Slide 64Slide 65Slide 66Slide 67Slide 68Slide 69Slide 70Slide 71Slide 72Slide 73