11 Important Facts to Know About IT Security
-
Number of Exploit Kits Drops Sharply
Law enforcement is becoming more effective, but new kits are always being developed. The number of exploit kits has dropped by 87% since the alleged creator of the widely popular Blackhole exploit kit was arrested last year. -
Know Your Exploits
Not every vulnerability translates into an actual exploit. Of the 2,528 vulnerability alerts published from January to June 2014, 28 were identified as being actively exploited. -
Top IT Security Targets
With most attacks focused on applications, the rest of the IT environment often gets overlooked. Applications only account for 31% of the attacks; the rest are aimed elsewhere. -
Man-in-the-Browser Attacks on the Rise
Nearly 94 percent of customer networks have traffic going to Websites that host malware. Domain Name System (DNS) requests for host names where the IP address to which the host name resolves are reported to be associated with the distribution of Palevo, SpyEye, and Zeus malware families that incorporate man-in-the-browser (MiTB) functionality. -
Botnet Hide and Seek
Few legitimate outbound connection attempts from enterprises should seek dynamic DNS (DDNS) domains. Nearly 70% of networks were identified as issuing DNS queries for DDNS. This shows evidence of networks misused or compromised, with botnets using DDNS to alter their IP address to avoid detection/blacklist. -
Encrypting Stolen Data
Hackers cover their tracks by "exfiltrating data" using encrypted channels to avoid detection. Nearly 44% of customer networks have been identified as issuing DNS requests for sites and domains with devices that provide encrypted channel services. -
Java Still a Major Security Concern
Security is one of the major reasons there has been a proliferation of programming language adoption. Java exploits rose to 93% of all indicators of compromise (as of May 2014.) -
Spam on the Rise Again
After a decline last year, spam is back. Spam volumes have increased to the point that spam is now at its highest level since late 2010. -
Emerging Threat Vectors
Hackers are looking for the latest, weakest link. Attacks aimed at WordPress sites, POS terminals as well as social engineering tactics and "malvertising" are all on the rise. -
Vertical Industries Under Attack
Hackers are shifting to where the intellectual property is. Media and publishing led the industry verticals, posting nearly four times the median Web malware encounters. The pharmaceutical and chemical industry is now second while aviation slid into third place. -
Vertical Industry Attacks by Geography
The top most affected verticals by region were media and publishing in the Americas; food and beverage in the EMEA (Europe, the Middle East and Africa) region, and insurance in APJC (Asia-Pacific, China, Japan and India).
What Partners Need to Know About HP, Inc. 
MSPs Face Big Cybersecurity Talent Gap 
Why Tech Companies Are Eager to Invest in 5G 
The Problem With Partner Referral Programs 
Microsoft Taps Channel for Digital Business 
New Technologies Will Fuel Channel Opportunities 
Channel's Transition to the Cloud Requires More Time 
Microsoft's Cloud Channel Begins to Mature 
Defining MSPs' Goals, Challenges and Tools 
Why Metrics Matter to the Channel When it comes to IT security, there is much to be learned simply by observing. The Cisco 2014 Midyear Security Report drives that point home—not only by noting that there has been a significant drop in the number of exploit kits available to hackers, but also by identifying patterns that hackers appear to be exploiting routinely. Based on research conducted across 16 multinational organizations with more than $4 trillion in assets, the Cisco study found that while some issues such as the security of Java remain paramount concerns, the avenues of attack are starting to shift. In particular, WordPress sites and point-of-sale (POS) systems appear to be highly vulnerable. For solution providers in the channel that spend an inordinate amount of time cleaning up after these attacks, that information can be critical. The more attacks solution providers can thwart, the more profitable they stand to be. After all, the labor and other costs associated with cleaning up after a successful IT attack can exceed the actual revenue associated with delivering the security service in the first place. Of course, to be forewarned should be enough for solution providers with security expertise to be forearmed.