Report: Symantec 2017 Internet Security Threat Report

Link: https://www.symantec.com/security-center/threat-report

Published: April 25, 2017 Via: http://www.symantec.com

Symantec released their annual 2017 Internet Security Threat Report.

From the announcement: “Cyber criminals revealed new levels of ambition in 2016 – a year marked by extraordinary attacks, including multi-million dollar virtual bank heists and overt attempts to disrupt the U.S. electoral process by state-sponsored groups. New sophistication and innovation marked seismic shifts in the focus of attacks. Zero-day vulnerabilities and sophisticated malware were used less as nation states devolved from espionage to straight sabotage. Meanwhile, cyber criminals caused unprecedented levels of disruption with relatively simple IT tools and cloud services…”

The report has a section on IoT showing a doubling of attacks on Symantec’s IoT honeypot over 2016, with the most attacks (by far) initiated from China. This aligns well with what we in PwC observed.


Report: Verizon 2017 Data Breach Investigations Report

Link: http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017

Published: April 27, 2017 Via: http://www.verizonenterprise.com

Verizon just released their tenth annual Data Breach Investigations Report (DBIR) based on analysis of 40,000 incidents and 1,935 confirmed data breaches. It’s always an interesting read.

This year there are a couple of interesting trends, although no major surprises, except maybe the absence of data around IoT and ICS. Most other industry reports and my anecdotal experience show a clear increase in attacks on cyber-physical systems (IoT and ICS). For example, the latest PwC Global State of Information Security Survey showed that in the Greater China region consumer technologies (mobile, IoT, ...) and operational technologies (ICS, IIoT) became the most targeted sets of technologies, with 42.7% and 42.1% of respondents, respectively, reporting incidents in those technologies.


Report: NTT Security Global Threat Intelligence Report 2017

Link: https://www.nttcomsecurity.com/us/gtir-2017/

Published: April 25, 2017 Via: http://www.nttcomsecurity.com

This has been a busy week for annual cybersecurity reports by security providers. NTT Security also released their Global Threat Intelligence Report (GTIR).

Like the others, NTT found an increase in attacks on IoT, with most (60%) attacks initiated from Asia.


News: New EdgeX Foundry Unifies the IoT Marketplace to Accelerate Enterprise IoT Deployments

Link: https://www.edgexfoundry.org/announcement/2017/04/23/new-edgex-foundry-unifies-the-iot-marketplace-to-accelerate-enterprise-iot-deployments/

Published: April 23, 2017 Via: https://www.edgexfoundry.org

“The Linux Foundation today announced the launch of EdgeX Foundry, an open source project to build a common open framework for Internet of Things (IoT) edge computing and an ecosystem of interoperable components that unifies the marketplace and accelerates enterprise and Industrial IoT. The initiative is aligned around a common goal: the simplification and standardization of Industrial IoT edge computing, while still allowing the ecosystem to add significant value.”


Resource: Cybersecurity: Critical Infrastructure Authoritative Reports and Resources

Link: https://fas.org/sgp/crs/misc/R44410.pdf

Published: April 21, 2017 Via: https://fas.org Federation of American Scientists

The US Congressional Research Service published the “Cybersecurity: Critical Infrastructure Authoritative Reports and Resources” report, with a number of links to US reports and organizations related to critical infrastructure cyber protection. A great starting point for further research.


Survey: The 2017 State of Consumer Privacy and Trust

Link: http://www.gigya.com/resource/report/2017-state-of-consumer-privacy-trust/

Published: April 27, 2017 Via: http://www.gigya.com

Gigya, an identity management specialist, published their “The 2017 State of Consumer Privacy and Trust” report, a survey of 4,002 adults in the US and UK on their attitudes and outlook towards data privacy.

The survey shows growing apprehension over the security of IoT devices, with 69% of respondents either “Very Concerned” or “Concerned” about the security of their personal data on devices like smart watches, connected cars, fitness trackers and home appliances.


Article: The Threat to Critical Infrastructure – Growing Right Beneath Our Eyes

Link: http://www.securityweek.com/threat-critical-infrastructure-growing-right-beneath-our-eyes

Published: April 27, 2017 Via: http://www.securityweek.com

…I firmly believe that there is no more important work in the field of cyber right now than driving a rapid, exponential advancement in the security posture of industrial control networks. The threat is at our doorstep – this is the challenge of our industry for the next decade.


Market Report: Asia-Pacific Industrial Control Systems Security Market, Forecast to 2020

Link: http://www.researchandmarkets.com/research/3p9ckv/asiapacific

Published: April 25, 2017 Via: Frost & Sullivan – http://www.researchandmarkets.com

Frost & Sullivan published a new report forecasting the growth of the APAC ICS security market. The full report costs around US$15,000, but the bottom line from the report is: “The Asia-Pacific Industrial Control Systems (ICS) Security market with estimated revenue of $380.4 million will reach $1.63 billion by 2020 at a cumulative annual growth rate of 47.2%.”

A subset of it is the Greater China market, which is analyzed in a separate report (http://www.researchandmarkets.com/research/n8hn6z/greater_china). In summary: “The Industrial Control Systems (ICS) security market is expected to experience a high compound annual growth rate of 52.5% for the next 5 years. The Greater China ICS security market is estimated to grow from $50.1 million in 2015 to $412.3 million by 2020.”


News: Cloudflare announced Orbit: A Private Network for IoT Devices

Link: https://blog.cloudflare.com/orbit/

Published: April 27, 2017 Via: http://cloudflare.com

The big news in the industry this week was the Cloudflare announcement of Orbit, a private network for IoT devices. A very simplified explanation: IoT devices connect through Cloudflare, and Cloudflare provides virtual patching, filtering out malicious requests before they reach the devices. Plenty of commentators started looking for flaws in the idea, from concentration of risk at Cloudflare to affordability for any non-subscription-based IoT devices. My personal take is that this could significantly improve IoT cyber resilience.