Every year Symantec issues an Internet Security Threat report, which gathers data from its products, services and third party sources to paint a picture of the security landscape. What it found in 2013 wasn’t pretty – and that was before Heartbleed.

These are numbers that should have every organization concerned: The number of identities exposed through data breaches last year was astonishing. Mobile threats are increasing but users seem indifferent.

If you want to do something to improve your organization’s security, consider advice in the U.S. National Institute of Standards and Technology’s cyber security framework or its framework for critical infrastructure.

Year of the Mega Breach

Because eight breaches in 2013 each exposed greater than 10 million identities — including Target — 2013 has been been dubbed the Year of Mega Breach.  The total number was 62 percent greater than in 2012 with 253 total breaches, and up from 208 breaches in 2011. In 2012 only one breach exposed over 10 million identities. In 2011, only five were of that size.

INSIDE Internet threats slide show one

 Record breaches

Over 552 million identities were breached in 2013, putting consumer’s credit card information, birth dates, government ID numbers, home addresses, medical records, phone numbers, financial information, email addresses, login, passwords, and other personal information into the criminal underground. By contrast 2011 saw 232 million identities exposed, half of the number in 2013.

INSIDE Internet threats slide show two

Web of vulnerabilities

Scans of public websites by Symantec found that 78 per cent of sites contained vulnerabilities.  Sixteen per cent of them were classified as critical vulnerabilities that could allow attackers to access sensitive data, alter the website’s content or compromise visitors’ computers. This means that when an attacker looks for a site to compromise, one in eight sites make it relatively easy to gain access.

INSIDE Interet threat slide show three

Fishing around

Reports of the death of spear phishing are greatly exaggerated. While the total number of emails used per campaign has decreased and the number of those targeted has also decreased, the number of spear phishing campaigns themselves saw a 91 per cent rise in 2013.

INSIDE Internet threats slide show four

 

Digging for gold

While the most targeted attacks in 2013 were against governments and the services industry, the industries at most risk of attack were mining, governments and then manufacturing. Their odds of being attacked are 1 in 2.7, 1 in 3.1 and 1 in 3.2 respectively.

INSIDE Internet slide show five

There’s a sucker born …

Users continue to fall for scams on social media sites. Fake offers such as free cell phone minutes accounted for the largest number of attacks of Facebook users in 2013 – 81 per cent in 2013 compared to 56 per cent in 2012. And while 12 per cent of social media users say someone has hacked into their social network account and pretended to be them, a quarter continue to shared their social media passwords with others and a third connect with people they don’t know.

INSIDE Internet threats slide show six

Risky business

Only half of mobile users take basic security precautions, yet 38 per cent have experienced mobile cybercrime. Lost or stolen devices remain the biggest risk, but mobile users don’t make things easy: They storing sensitive files online (52 per cent), store work and personal information in the same online storage accounts (24 per cent) and sharing logins and passwords with families (21 per cent) and friends (18 per cent), putting their data and their employers’ data at risk.

INSIDE Internet threats slide show seven

What to do

The SANS Institute has a top 20 list of IT critical controls. We can’t list them all, but consider these: Start with an inventory of authorized devices and software on the network, build a secure image for all systems and regularly update configurations, regularly run automated vulnerability scans. For more see http://www.sans.org/critical-security-controls

INSIDE Internet threats slide show eight


Previous articleThe great divide
Next articleTop nine ways to write safer software
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com