Attack traffic observed by F-Secure’s network of decoy honeypots in 2018 increased by 32 percent over the previous year, and increased fourfold in the latter half of 2018 compared with the first half of the year.
Recent survey data suggests that many companies may not have the visibility they need to catch attacks that make it past preventative measures like firewalls and endpoint protection. F-Secure’s survey* found that 22 percent of companies did not detect a single attack in a 12-month period. Twenty percent of respondents detected a single attack during that time frame, and 31 percent detected two to five attacks.
For perspective, F-Secure’s detection and response solutions detected 15 threats in a single month at a company with 1300 endpoints** and seven threats in a single month at a company with 325 endpoints***. Roughly one third of F-Secure’s survey respondents indicated that they were using a detection and response solution or service.
None of these trends surprise F-Secure Vice President of Cyber Security Products Research & Development Leszek Tasiemski.
“Today’s threats are completely different from 10 or even five years ago. Preventative measures and strategies won’t stop everything anymore, so I’ve no doubt that many of the companies surveyed don’t have a full picture of what’s going on with their security,” Tasiemski said. “Many organisations don’t really value security until an incident threatens to cost them a lot of money, so I’m not completely surprised that there are companies detecting zero attacks over the course of a year.”
Additional highlights in F-Secure’s research include:
- Telnet was the most commonly targeted TCP port, which is likely the result of increasing numbers of compromised Internet-of-Things (IoT) devices searching for additional vulnerable devices.
- Companies working in finance and ICT detected the most attacks, while organisations in healthcare and manufacturing detected the fewest.
- The largest source and destination of observed attack traffic were US-based IP addresses.
- Nginx was the most popular source of web-based attacks.
“Organisations that run detection and response solutions tend to have a better understanding of what should and shouldn’t be done, both to prepare against attacks and in the event of an attack taking place,” comments Grant Chapman, MD of local F-Secure Distributor Cybervision. “Not only does F-Secure’s RDR provide visibility into a network’s attack surface to identify vulnerabilities and help put measures in place to ensure that most of the standard attacks get blocked, but it also suggests preventative measures that need to be taken to protect a network further,” he adds.
Incident detection and response are fundamental to maintaining a healthy security strategy in any organisation. The majority of organisations usually take months or even years to figure out that they have already been breached. This is one of the compelling reasons why organisations need to shift their focus from trying to prevent every possible threat to detecting and stopping the incidents that bypass their basic protection.
F-Secure’s Rapid Detection & Response (RDR) is a dedicated incident detection and response solution that has been configured by F-Secure to only collect events related to potential threats. The F-Secure RDR solution includes lightweight intrusion detection sensors for endpoints, networks and decoy servers that are deployed across an organisation’s IT infrastructure. The sensors monitor activities initiated by the attackers and stream all the information to F-Secure’s cloud in real time.
*Source: The survey was conducted online among 3,350 IT decision-makers, influencers, and managers from 12 countries.
Nobody knows cybersecurity like F-Secure. For three decades, F-Secure has driven innovations in cyber security, defending tens of thousands of companies and millions of people. With unsurpassed experience in endpoint protection as well as detection and response, F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections. F-Secure’s sophisticated technology combines the power of machine learning with the human expertise of its world-renowned security labs for a singular approach called Live Security. F-Secure’s security experts have participated in more European cyber crime scene investigations than any other company in the market, and its products are sold all over the world by over 200 broadband and mobile operators and thousands of resellers.
Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd.
CyberVision Pty Ltd is an IT security value-added distribution company that conducts business throughout Africa through a variety of resellers of various sizes and differing specialisations. The key personnel at CyberVision each have over 20 years of experience in data and network security with F-Secure’s solutions and have supplied services to many types of organisations in Africa, ranging from SMEs to large banks, insurers and government departments. Working with leading organisations in industry has resulted in an extensive understanding of security, allowing for a competitive advantage when it comes to ensuring that the right solutions are in place to adequately secure the networks of organisations of all sizes and types.
With offices in Johannesburg and Cape Town as well as a presence in KwaZulu-Natal, CyberVision has full-service teams capable of providing resellers and their customers with the necessary support services to ensure that their endpoint protection, vulnerability scanning and penetration testing are conducted efficiently and effectively to help prevent security breaches on their networks. All F-Secure solutions are relied upon for much of CyberVision’s security expertise in mitigating risks and helping organisations manage complex security challenges with a business-focused man-and-machine combined approach.