50+ facts about State of CyberSecurity in 2015

Marcos Ortiz (@marcosluis2186)
50+ facts about State
of
#CyberSecurity
in 2015

This is just a compendium
of the main facts, numbers and
stats
of CyberSecurity Industry

The facts are focused in 4
Sectors:

Mobile

Cloud
Security

Network
Security
Internet of
Things

The worldwide
CyberSecurity market is defined by
market
sizing estimates
that range from
$71 billion in
2014 to $155+ billion by 2019.
CyberSecurity Market Report Q2 2015 [1]

“Next generation” cybersecurity
spending could
reach $15 billion
to $20 billion
in the next 3 years.

Global spending on mobile
and network security
estimated at $11 billion annually,
and growing.

Cybercrime will
cost Businesses
over $2 Trillion by
2019
Juniper Research's The Future of Cybercrime & Security: Financial and
Corporate Threats & Mitigation’[2]

Crime involving computers and networks
has cost the world economy
more than $445 billion annually,
according to a 2014 report by the
Center for Strategic and
International Studies.

Demand for (U.S.)
information security professionals
is expected to grow
by 53 % through
2018.

APAC spending
on critical infrastructure security
is set to hit $22 billion (USD)
by 2020

ABI Research calculates CyberSecurity
spending for healthcare protection
will only reach $10 billion
globally by 2020, just under
10% of total spend on
critical infrastructure security.

According to CB Insights,
in the last 5 years,
$7.3 billion has been invested into
1,208 private CyberSecurity startups.
CBInsights [3]

“In summary, based on my years of experience in the field of
Telecommunications and Cyber Security,
I see this next generation of big data streaming analytics
as perhaps the only solution that could
protect against future cyberattacks in enterprise,
critical infrastructure, telecommunications
and even government computers and servers and
massive applications, even down to
SCADA (Supervisory Control and Data Acquisition)
systems including smart cities and the world
of IoT with 50B devices connected to the internet. ”
Dr. Hossein Eslambolchi [4]

devices are
infected
With
Mobile surveillance and
Mobile Remote Access Trojans
(mRATs)
1 in 1000
Check Point Software Technologies Threat Research: “Targeted Attacks
On Enterprise Mobile” [5]

of businesses suffered
Mobile
Security incidents
costing
more
than $250,000
to re mediate
42%
Check Point Software Technologies's Security Report 2015 [6]

new Android
Malware
Samples
everyday
4,900
GData's Mobile Malware Report Q1 2015 [7]

Out of Ten of Millions of
devices, the number of
ones infected with
truly malicious exploits
was negligible0,03%
Verizon's 2015 Data Breach Investigations Report [8]

Is the Quantity of downloaded
Android
apps which are vulnerable
to remote attacks like
JBOH
(JavaScriptBindingOverHTTP)
5 B
FireEye's Mobile Threat Assessment Report [9]

of Android apps have
at least one
highrisk security rating
48 %
FireEye's Mobile Threat Assessment Report [9]

Of organizations do not
manage
corporate data on
Employeeowned
devices
44%
Check Point Software Technologies's Security Report 2015 [6]

Of app developers
do not test their apps
for Security
33%
Check Point Software Technologies Security Report 2015 [6]

A 2011 viaForensics
study
found
of popular apps
sampled
stored data insecurely
83%
NowSecure's Secure Mobile Development [10]

Most Popular
Apps
that's don't encrypt
data
Top 10
Skyhigh Networks's How to Thwart Hackers and the NSA with Encryption [11]

of Android devices
could be affected
by
dangerous Stagefright
bug
95%
Zimperium [12]

Average number of
Cloud services
in use by
company
923
Skyhigh Networks's Cloud Adoption & Risk Report Q1 2015 [13]

We found of companies
present a high cyber
Security risk
to their partners
8%

But of data shared
with partners
is uploaded
to highrisk partners
29%

While of 91 % providers
encrypt data in transit
between the cloud service
and end user, just
encrypt data stored at rest
in the cloud
10%

In 2013,
The market for Cloud Security
solutions was USD
and is estimated to
grow at a healthy
rate of 16% till 2018
3.47 B
ResearchFox's Cloud Security Market – Outlook (2014 2018) [14]

90% of companies
have security concerns about
Cloud Computing and
36% of companies
believe Cloud apps are less secure
than onpremise apps
Bitglass's The Definitive Guide to Cloud Access Security Brokers [15]

Of respondents,
say none of the security threat
defenses used are
administered
through cloudbased
services
13%
Cisco's Annual Security Report 2015 [16]

Of organizations
studied were infected
With bots.
and a bot communicates
with a C&C every minute83%
Check Point Technologies 's Security Report 2015 [6]

DdoS attacks ocurred
every day in 2014
48

of critical infrastructure
companies
suffered a security breach
over the last year
70%
SecurityWeek [17]

Open Source vulnerabilities
like Heartbleed, Poodle and Shellshock
affected nearly every IT operation
in the world

Financial Trojans continue to be some
of the most lucrative tools
for cybercrime gangs.
Symantec 's Dyre: Emerging threat on financial fraud landscape [18]

Estimated financial lost
from 700M compromised
records shows
the real importance
of managing data breach risks
400M
Verizon's 2015 Data Investigations Report [8]

Of Web Apps attacks
involve harvesting
credentials stolen from
customer devices, then
logging to web apps with them
95%

Akamai 's Q1 2015 State of the Internet Report [19]

Many DdoS rely on improperly
secured services, such as NTP, DNS
and SSDP, which make it possible
for attackers to spoof source IP address

NTP topped the list with
max attack bandwidth hitting
325 Gbps, with SSDP
jumping on the DoS boat for a
134 Gbps cruise

The adoption of IPv6 has introduced
new attack vectors
for companies, because many threats
previously considered mitigated in IPv4
were able to bypass firewalls and other
Security measures on IPv6

The two most observed web application
attack vectors were
Local File Inclusion (LFI), at 66%,
and SQL Injection (SQLi),
at 29%.

IoT is a key enabling technology
for digital businesses.
Approximately 3.9 billion connected
things were in use in 2014 and
this figure
is expected to rise to 25 billion by 2020.
And while deployment is growing,
there are factors slowing down the rate of adoption.

Gartner's Market Research [20]

IoT devices are actively penetrating
some of the world's most regulated
industries including healthcare,
energy infrastructure, government,
Financial services and retail
OpenDNS's The 2015 Internet of Things in the Enterprise Report [21]

Some infrastructure hosting IoT data
are susceptible to highlypublicized
and patchable vulnerabilities such as
FREAK and Heartbleed

While most IoT infrastructure
is running on top of
modern service providers like
Amazon, SoftLayer,
Verizon and others, OpenDNS Security Labs
discovered that some
providers are also hosting malicious
domains.

Samsung Smart TVs use untrusted
certificates for
Its infolink.pavv.co.kr
domain

Healthcare, Retail,
High Education and Oil & Gas
are the
Top Industry Verticals using
Dropcam devices

Looking at our data,
the top five autonomous systems
hosting IoT infrastructure sites are
AS36351 (Softlayer
Technologies, Inc.),
AS16509 (Amazon.com, Inc.),
AS702 (Verizon Business/UUnet Europe),
AS14618 (Amazon.
com, Inc.),
and AS54113 (Fastly).

Another finding was that
184 unique FQDNs
were found to be susceptible
to CVE20150204
more commonly
referred to as the the FREAK attack.

A deep analysis of the
widgets.iobridge.com FQDN using
Qualys SSL Labs' online scanner
provided a poor result of Grade F
for SSL ciphers.

A simple scan with nmap of the
widgets.iobridge.com FQDN showed
the result of
many services that could be potentially
exploited to gain access to the
Widget server

Our data shows that not all wd2go.com
domains are vulnerable,
However.
of the 70 unique MyCloud storage
endpoints,
only 30 were found to
be vulnerable to CVE20150204.

Areas to watch:
WIFI Jamming
Password strengh, Reuse and
Attack Resistance
Unencrypted and unauthenticated comms
Misconfiguration of Encryption
Synack's Home Automation Benchmarking Report [22]

“In our research at IOActive Labs, we constantly find
very vulnerable technology being used
across different industries. This same technology also
is used for critical infrastructure without
any security testing. Although cities usually
rigorously test devices and systems for functionality,
resistance to weather conditions, and so on,
there is often little or no cyber security testing at all,
which is concerning to say the least.”

Cerrudo's An Emerging US (and World) Threat: Cities Wide Open to CyberAttacks[23]

[1] CyberSecurity Market Report Q2 2015
[2] Juniper Research's The Future of Cybercrime & Security
[3] CBInsights
[4] Anomalytics & CyberSecurity in the 21st Century
[5] Check Point Threat Research´s Targeted Attacks On Enterprise Mobile
[6] Check Point Software Technologies's Security Report 2015
[7] GData's Mobile Malware Report Q1 2015
[8] Verizon's 2015 Data Breach Investigations Report

[9] FireEye's Mobile Threat Assessment Report
[10] NowSecure's Secure Mobile Development
[11] Skyhigh Networks's How to Thwart Hackers and the NSA with Encryption
[12] Zimperium
[13] Skyhigh Networks's Cloud Adoption & Risk Report Q1 2015
[14] ResearchFox's Cloud Security Market – Outlook (2014 2018)
[15] Bitglass's The Definitive Guide to Cloud Access Security Brokers
[16] Cisco's Annual Security Report 2015

[17] SecurityWeek
[18] Symantec 's Dyre: Emerging threat on financial fraud landscape
[19] Akamai 's Q1 2015 State of the Internet Report
[20] Gartner's Market Research
[21] OpenDNS's The 2015 Internet of Things in the Enterprise Report
[22] Synack's Home Automation Benchmarking Report
[23] An Emerging US (and World) Threat: Cities Wide Open to CyberAttacks

50+ facts about State of CyberSecurity in 2015

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to 50+ facts about State of CyberSecurity in 2015

Similar to 50+ facts about State of CyberSecurity in 2015 (20)

More from Marcos Ortiz Valmaseda

More from Marcos Ortiz Valmaseda (9)

Recently uploaded

Recently uploaded (20)

50+ facts about State of CyberSecurity in 2015