Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Technology

NTT INNOVATION INSTITUTE ANNOUNCES AVAILABILITY OF 2014 GLOBAL THREAT INTELLIGENCE REPORT

Published by Gbaf News

Posted on April 1, 2014

Featured image for article about Technology

Analysis of three billion attacks in 2013 reveals SQL Injections cost $196,000 and anti-virus solutions fail more than half the time

NTT Innovation Institute (NTT I³) has announced the release of the 2014 NTT Group Global Threat Intelligence Report (GTIR). The report focuses on five critical areas of security: Threat avoidance, threat response, threat detection, investigative and response capabilities. A key portion of the report is dedicated to business and security leaders concerned with balancing cost and risk. Recommendations and strategies for minimising the impact of threats and reducing the threat mitigation timeline are conveyed in multiple charts and real-world case studies.

The primary goal of the NTT Group GTIR is to raise awareness with C-level executives and security professionals alike that when the basics of security are done right, it can be enough to mitigate and even avoid the high-profile security and data breaches. We believe information security should be a strategic imperative that is an effective mix of threat avoidance, threat detection and threat response.

The NTT Group GTIR uses real-world case studies of several security incidents and provides recommendations for minimising the impact of threats through easy to understand strategies and charts. We have also included our research on several Distributed Denial of Service (DDoS) attacks, malware attacks and the latest botnet activity.

Key findings in the 2014 GTIR include:

Cost for a ‘minor’ SQL injection attack exceeds $196,000 – Organisations must realise the true cost of an incident and learn how a small investment could reduce losses by almost 95 per cent. Case Study: “Massive Data Exfiltration via SQL Injection”.
Anti-virus fails to detect 54 per cent of new malware collected by honeypots – Additionally, 71 per cent of new malware collected from sandboxes was also undetected by over 40 different anti-virus solutions. This supports the premise that simple endpoint solutions must be augmented with network malware detection and purpose-built solutions.
43 per cent of incident response engagements were the result of malware – Missing anti-virus, anti-malware and effective lifecycle management of these basic controls were key factors in a significant portion of these engagements. Read the “Administrator Releases a Worm” case study to see how it cost one organisation $109,000.
Botnet activity takes an overwhelming lead at 34 percent of events observed – Almost 50 per cent of botnet activity detected in 2013 originated from US based addresses. The fact that healthcare, technology and finance account for 60 per cent of observed botnet activity reflects the information worker burden that accompanies these industries.
PCI assessed organisations are better at addressing perimeter vulnerabilities – Organisations performing quarterly external PCI Authorised Scanning Vendor (ASV) assessments have a more secure vulnerability profile, as well as a faster remediation time (27 per cent), than organisations performing unregulated assessments.
Healthcare has observed a 13 per cent increase in botnet activity – Due to increased reliance on interconnected systems for the exchange and monitoring of health related data, more systems are potentially affected by malware.

The GTIR was developed using threat intelligence and attack data from the NTT Group companies – Solutionary, NTT Com Security, Dimension Data, NTT Data and support from NTT R&D. The key findings in the GTIR are a result of the analysis of approximately three billion worldwide attacks over the course of 2013. The data analysed for this report was collected from 16 Security Operations Centers (SOC) and seven R&D centres with more than 1,300 NTT security experts and researchers from around the world.

“The report represents the culmination of months of research from our world-renowned experts and it strives to provide C-level executives and IT departments a platform to come together and discuss the foundation of their security programs in a way that benefits enterprises in today’s Digital Economy,” said NTT Innovation Institute CEO, Srini Koushik. “The 2014 NTT Group GTIR describes the evolving global threat landscape and underscores the importance of doing the basics right. It also backs it up with real-world case studies and actionable insights for security practitioners and succinct enough for the Fortune 100 CEO.”