It’s all your fault.
At least it is to security researchers at IBM, who just released a rather comprehensive and compelling Cyber Security Intelligence Index that asserts that 95 percent of successful hack attacks or incidents were because of some type of human error.
But there’s good news here. The same researchers also noted that because of the infusion of analytic tools synced to enterprise systems, many companies are avoiding that fate when attacks are launched — unlike retailers Target and Neiman Marcus. For those stores, more than 100 million of their customers had their personal data pilfered by successful attacks last December.
The security index focused on around 1,000 of IBM’s clients spread around the globe in 133 countries. Those included in the report, said, collectively, their firewalls were attacked nearly 2 million times per week. The report noted this included the fact that spam, which is annoying but rarely dangerous, was out of control. Shocker.
Using big data analytics, the report found that only 17,000 of the events out of 91 million were serious attempts to breach and steal. In 2013, IBM security researchers reported 73,000 in 2013. That’s a significant year-over-year decrease.
Highlights include information on threats to your web applications, how spammers are foiling virtual moats, and how to prepare IT teams to get a leg up on remote incident responses.
The report was put together by IBM’s elite X-Force research and development team, which spends it days and nights studying viruses and countermeasures to stave them off. The teams hosted security management app illustrates:
Research by the IBM Hosted Application Security Management team shows that half of the organizations studied underestimate the number of web applications they have deployed, and could be exposing vulnerable assets. Broken authentication and cross-site request forgery occurred in nearly a quarter of scanned applications in 2013. The popular and widely used OpenSSL library put a huge percentage of websites at risk for data leakage of private and critical information.
You can download the report here. But you have to log in first.
The security team said distributed denial of service attacks, or DDOS, SQL injection and malware were the favored and most utilized forms of attacks.