Good news, bad news looking back at IT security in 2015

The year about to end has been ugly for many infosec pros, with embarrassing breaches and record amounts of personal data exposed.

In a look back at both big and small breaches IBM found bad and good news: Many, if not most of the security incidents to which its emergency response teams responded involve fundamental breakdowns in sound security practices “and are wholly preventable.”

The good news, IBM says, is that if organizations can take stronger responsibility and make a few small changes they’ll see a big impact for the long term.

First the trends:

  • Rise of Ransomware: This was the most commonly encountered infection. In fact, the FBI reported Cryptowall ransomware attacks have netted hackers more than US$18 million from 2014-2015. IBM researchers believe that it will remain a common threat and profitable business into 2016, migrating to mobile devices as well.
Image from IBM
Image from IBM
  • Biggest Threat May Be Inside: This is a continuation of a trend seen in 2014 when IBM [NYSE: IBM] saw hat 55 per cent of all attacks in 2014 were carried out by “insiders” or individuals who had insider access to an organizations system – knowingly or by accident.
Graphic from IBM, data from Ponemon Institute
Graphic from IBM, data from Ponemon Institute in millions of US$
  • The C-Suite Cares: In 2015, cybersecurity became a true concern at the boardroom level with more positions of power asking questions about their organizations’ security posture. In fact, a recent survey revealed that 85 per cent of CISOs said upper-level management support has been increasing, and 88 per cent said their security budgets have increased.
  • Thank the amateurs (sort of): While 80 per cent of cyberattacks are driven by highly organized and sophisticated online crime rings, it is often inexperienced hackers – aka “script kiddies” — who unknowingly alert companies to these larger, sophisticated hackers lurking on a network or inside an organization. These amateur hackers leave clues like unusual folders or files in a temporary directory, deface corporate web materials, and more. When organizations look into these mischievous attacks, they often find much more complex attacks.

There are detailed recommendations for dealing with a number of the problems IBM saw this year, which you can read in the report (see the link below). But a lot of it involves patch management, user education, proper password procedures and standard security practices. “A defense-in-depth strategy built on these components will help organizations reduce the risks we see today and expect tomorrow,” the report concudes.

Read the full report here

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now