Providing IT Security Services Not for Faint of Heart
-
A Host of IT Security Challenges
Every minute a host accesses a malicious Website, and every 24 hours a host is infected by a bot. What's more, 33% of hosts are not running the latest software versions. -
Battling the Bots
73% of organizations are infected by at least one bot; 49% have seven or more infected hosts. Sites infected by more than 22 infected hosts increased 200%. Every three minutes, a bot communicates with its command-and-control center. -
Length of Botnet Activity
On average, 77% of bots are active for more than four weeks. -
Malware Infestation
There was a 144% increase in new types of malware from 2012 to 2013. Every 10 minutes an unknown piece of malware is being downloaded. On average, 2.2 pieces of malware hit an organization per hour. -
The Trouble With Files
33% of organizations have downloaded at least one file infected with unknown malware, of which 35% of those files are PDFs. 58% of organizations download a file loaded with malware every two hours or less. -
Email as a Malware Distribution Mechanism
Analysis of detections in 2013 showed that the majority of unknown malware was targeted at customers via email, most often embedded in attachments. -
Antivirus Software
Less than 10% of antivirus software engines can detect unknown malware, and 18% of hosts studied did not have the latest signatures for antivirus solutions. -
Risky Behavior
Every nine minutes, a high-risk application is being used, and every 49 minutes, sensitive data is being sent outside the organization. 63% of organizations, for example, have BitTorrent on their networks and 85% have Dropbox. -
Vulnerabilities Decline
Databases show a decrease in the number of reported vulnerabilities to 5,191 for the year, a modest 2% year-over-year change from 2012, including a 9% drop in the number of "critical" vulnerabilities reported. -
Top Sources of IT Security Vulnerabilities
Oracle led all vendors in disclosures, with 496; followed by Cisco, with 433; IBM, with 394; and Microsoft, with 345. -
Endpoint Challenge
14% of the endpoints analyzed did not have the latest Microsoft Windows service packs; 33% of all enterprise endpoints did not have the current versions for client software. -
Endpoint Vulnerabilities
Of the enterprise endpoints analyzed, a full 38% were configured with local administrator permissions, enabling malware to run in the system (root) context when it executes. -
Servers Are the Primary Target
Despite endpoint weaknesses, servers were still the primary target by a margin of 2:1. -
Top Attack Vectors
Code execution tops the list, at 51%; followed by memory corruption, at 47%; and buffer overflow, at 36%. -
Attacks Grow in Sophistication
Attackers were employing automated mechanisms for creating evasive, unknown malware on a large scale and now target organizations through global coordinated campaigns. -
Data Loss Still Rampant
88% of organizations experienced at least one potential data loss incident.
What Partners Need to Know About HP, Inc. 
MSPs Face Big Cybersecurity Talent Gap 
Why Tech Companies Are Eager to Invest in 5G 
The Problem With Partner Referral Programs 
Microsoft Taps Channel for Digital Business 
New Technologies Will Fuel Channel Opportunities 
Channel's Transition to the Cloud Requires More Time 
Microsoft's Cloud Channel Begins to Mature 
Defining MSPs' Goals, Challenges and Tools 
Why Metrics Matter to the Channel Security is one of those opportunities that can cut both ways for an IT service provider. On one hand, demand is high for IT security services and there is much money to be made, but cleaning up after a client that has been compromised can be a costly endeavor that saps those profits. A new report from Check Point Software shows what the IT security channel is up against. A Check Point security research team analyzed a year of event data from more than 10,000 organizations to identify the critical malware and information security trends in 2013. Not only are more organizations infected by botnets and malware than ever, the sophistication of those attacks has increased considerably. In fact, the only way providers of IT security services can hope to respond to those levels of attacks is to invest more in security intelligence and automated remediation tools to create a closed-loop framework for managing IT security. The report shows that providing IT security services in this day and age is not for the faint of heart. Here's why.