The cybersecurity landscape is constantly evolving with new threats and never-before-seen vulnerabilities being discovered by security experts and, just as likely, exploited by cybercriminals at a fast pace. Breaking news alerts of widespread data breaches or high-profile hacks serve as reminders of the need for security online, but the flood of information can also be overwhelming. Let this cut through the clutter - Here are 10 facts you need to know about today's cybersecurity landscape:
1: Cybercriminals are using more zero-day vulnerabilities than ever before.
A new zero-day vulnerability was discovered on average each week in 2015, with a total of 54. Vulnerabilities can be found in almost any type of software, and there is a big draw for cybercriminals who can affect thousands if not millions of users with one exploit. See how a zero-day vulnerability works here: 30 Sec Tech Video: How Do Zero-Day Vulnerabilities Work?
2: Identity theft and loss increases in the face of a mega threat: the mega breach.
A new record of mega breaches was set in 2015, with a total of nine mega breaches affecting more than 429 million people. Plus, more companies are opting out of disclosing the full extent of breaches. Over half a billion personal records were stolen or lost in 2015.
3: New devices are being targeted by attackers.
In 2015, ransomware found new targets in smart phones, Mac, and Linux systems. This can be a very profitable attack for cybercriminals, who hold the contents of a device for ransom. Both proof-of-concept and real world attacks have also been demonstrated against internet connected devices like smart watches, smart home appliances, and connected cars.
4: The cybercriminal’s toolkit has become more sophisticated.
While cybercriminals have moved on to new device targets, the types of attacks used are also becoming more sophisticated. The number of crypto-ransomware infections grew by 35 percent in 2015. While new malware variants continue to spread. More than 430 million unique pieces of malware were found last year. At the same time, more than one million web attacks were blocked each day.
5: The internet of things can also be the internet of vulnerabilities.
In 2015, Symantec demonstrated proof-of-concept attacks against connected devices, like smart watches and televisions. Just how vulnerable are internet connected devices? Symantec research found multiple vulnerabilities in 50 commercially available devices, including a ‘smart’ door lock that could be opened remotely online without a password. Other real world and proof-of-concept attacks have been demonstrated against smart cars and even medical devices. This is just the beginning. Gartner forecasts that 6.4 billion connected things will be in use worldwide this year, a number that can easily reach 20.8 billion connected devices by the year 2020. Learn more here: Mobile Apps and IoT Device Security Has Been Overlooked... And That's A Problem.
6: Legitimate websites may not be what they seem.
Major security vulnerabilities in three quarters of popular websites put us all at risk. This is where the importance of patching could not be more apparent, and the affects of not patching software vulnerabilities can have a widespread impact. More than 75% of popular websites have unpatched vulnerabilities. When a web administrator doesn’t address this risk, website visitors can become victim to cybercriminals who gain access and manipulate the sites. Well-known legitimate sites are not always a secure destination online. There were over one million web attacks against people each day in 2015.
7: Scammers are, technically, not who you think they are.
More than 100 million fake technical support scams were blocked by Symantec in 2015. These scams have evolved from cold-calling unsuspecting victims to posing as legitimate companies and tricking people into calling fake 800 numbers themselves. Scammers are usually looking to steal personal information for financial gain.
8: Apple iOS users are now more at risk than ever before.
Symantec identified nine new iOS families in 2015. While, android users remain the main target of malicious mobile attacks. Let's also not forget that in March of 2016, the First Mac Ransomware Targeted Apple Users. Apple devices are not immune to security risks.
9: Risks on social networks could make you think twice before you “like”.
Social media has become a target for cybercriminals to carry out social engineering attacks. With an incentive, cybercriminals setup scams on social media to turn likes and follows into profit. A scam can promise large numbers of followers for free on Instagram, while fooling people into revealing their passwords. Scammers also use social media posts to bait unknowing victims into clicking a phishing URL.
10: Ransomware is still on the rise.
Symantec found that ransomware attacks have increased by 35 percent. Ransomware is not only widespread, to a cybercriminal it can also be a wildly successful way to hold your digital life hostage for financial gain. Pay the ransom, or lose you irreplaceable data. To learn what you can do to avoid this attack and steps to take if you do become a victim, read: Ransomware - What You Can Do About It.
These findings about the state of cybersecurity today have been uncovered by the 2016 Symantec Internet Security Threat Report. To learn more about this analysis of the year in global threat activity, visit: https://www.symantec.com/security-center/threat-report