Providing IT Security Services Not for Faint of Heart

Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

IT Security

1 - A Host of IT Security ChallengesA Host of IT Security Challenges

Every minute a host accesses a malicious Website, and every 24 hours a host is infected by a bot. What’s more, 33% of hosts are not running the latest software versions.

2 - Battling the BotsBattling the Bots

73% of organizations are infected by at least one bot; 49% have seven or more infected hosts. Sites infected by more than 22 infected hosts increased 200%. Every three minutes, a bot communicates with its command-and-control center.

3 - Length of Botnet ActivityLength of Botnet Activity

On average, 77% of bots are active for more than four weeks.

4 - Malware InfestationMalware Infestation

There was a 144% increase in new types of malware from 2012 to 2013. Every 10 minutes an unknown piece of malware is being downloaded. On average, 2.2 pieces of malware hit an organization per hour.

5 - The Trouble With FilesThe Trouble With Files

33% of organizations have downloaded at least one file infected with unknown malware, of which 35% of those files are PDFs. 58% of organizations download a file loaded with malware every two hours or less.

6 - Email as a Malware Distribution MechanismEmail as a Malware Distribution Mechanism

Analysis of detections in 2013 showed that the majority of unknown malware was targeted at customers via email, most often embedded in attachments.

7 - Antivirus SoftwareAntivirus Software

Less than 10% of antivirus software engines can detect unknown malware, and 18% of hosts studied did not have the latest signatures for antivirus solutions.

8 - Risky BehaviorRisky Behavior

Every nine minutes, a high-risk application is being used, and every 49 minutes, sensitive data is being sent outside the organization. 63% of organizations, for example, have BitTorrent on their networks and 85% have Dropbox.

9 - Vulnerabilities DeclineVulnerabilities Decline

Databases show a decrease in the number of reported vulnerabilities to 5,191 for the year, a modest 2% year-over-year change from 2012, including a 9% drop in the number of “critical” vulnerabilities reported.

10 - Top Sources of IT Security VulnerabilitiesTop Sources of IT Security Vulnerabilities

Oracle led all vendors in disclosures, with 496; followed by Cisco, with 433; IBM, with 394; and Microsoft, with 345.

11 - Endpoint ChallengeEndpoint Challenge

14% of the endpoints analyzed did not have the latest Microsoft Windows service packs; 33% of all enterprise endpoints did not have the current versions for client software.

12 - Endpoint VulnerabilitiesEndpoint Vulnerabilities

Of the enterprise endpoints analyzed, a full 38% were configured with local administrator permissions, enabling malware to run in the system (root) context when it executes.

13 - Servers Are the Primary TargetServers Are the Primary Target

Despite endpoint weaknesses, servers were still the primary target by a margin of 2:1.

14 - Top Attack VectorsTop Attack Vectors

Code execution tops the list, at 51%; followed by memory corruption, at 47%; and buffer overflow, at 36%.

15 - Attacks Grow in SophisticationAttacks Grow in Sophistication

Attackers were employing automated mechanisms for creating evasive, unknown malware on a large scale and now target organizations through global coordinated campaigns.

16 - Data Loss Still RampantData Loss Still Rampant

88% of organizations experienced at least one potential data loss incident.

Michael Vizard
Michael Vizard
Michael Vizard is a seasoned IT journalist, with nearly 30 years of experience writing and editing about enterprise IT issues. He is a contributor to publications including Programmableweb, IT Business Edge, CIOinsight, Channel Insider and UBM Tech. He formerly was editorial director for Ziff-Davis Enterprise, where he launched the company’s custom content division, and has also served as editor in chief for CRN and InfoWorld. He also has held editorial positions at PC Week, Computerworld and Digital Review.


Get the Free Newsletter!
Subscribe to Channel Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter!
Subscribe to Channel Insider for top news, trends & analysis
This email address is invalid.

Must Read