The cost of for a "minor" SQL injection attack exceeds R2 086 911, according to the 2014 NTT Group Global Threat Intelligence Report. The objective of these attacks is to fool database systems into running malicious code that reveals sensitive information, or otherwise compromise servers.
The cost of for a "minor" SQL injection attack exceeds R2 086 911, according to the 2014 NTT Group Global Threat Intelligence Report. The objective of these attacks is to fool database systems into running malicious code that reveals sensitive information, or otherwise compromise servers.
Organisations should realise the true cost of an incident – and learn how a small investment could reduce losses by almost 95%, said the report.
By analysing three billion attacks worldwide in 2013, the report found that anti-virus solutions fail more than half the time.
Additionally, 71% of new malware collected from sandboxes (isolated computing environments used by software developers to test new programming code) was also undetected by over 40, different, anti-virus solutions, said the report.
The report recommended that endpoint solutions must be augmented by network malware detection and purpose-built solutions.
Of the incident response engagements, the report found that 43% were the result of malware.
Missing anti-virus, anti-malware systems and (in)effective life-cycle management were key factors in a significant portion of these engagements, the report found.
Botnet activity (a group of computers connected in a coordinated fashion for malicious purposes) accounted for 34% of events observed, and almost 50% of botnet activity detected in 2013 originated from U.S.-based addresses.
The report said healthcare, technology and finance account for 60% of observed botnet activity.
The report found that when the basics of security are done right, it can be enough to mitigate, or avoid entirely, high-profile security and data breaches: Organisations performing quarterly, external, payment card industry(PCI)-authorised scanning vendor assessments have a more secure vulnerability profile, as well as a faster remediation time (27%), than organisations performing unregulated assessments.
Healthcare has observed a 13% increase in botnet activity, due to increased reliance on interconnected systems for the exchange and monitoring of health-related data. This means more systems are potentially affected by malware.
The data analysed was collected from 16 security operations centres and seven research and development centres worldwide.
More than 1,300 NTT security experts and researchers globally, were involved.
The report focused on five critical areas of security: avoidance, response, detection, investigative and response capabilities.
