Published: April 25, 2017 Via: http://www.symantec.com
Symantec released their annual 2017 Internet Security Threat Report.
From the announcement: “Cyber criminals revealed new levels of ambition in 2016 – a year marked by extraordinary attacks, including multi-million dollar virtual bank heists and overt attempts to disrupt the U.S. electoral process by state-sponsored groups. New sophistication and innovation marked seismic shifts in the focus of attacks. Zero-day vulnerabilities and sophisticated malware were used less as nation states devolved from espionage to straight sabotage. Meanwhile, cyber criminals caused unprecedented levels of disruption with relatively simple IT tools and cloud services…”
The report has a section on IoT showing a doubling of attacks on Symantec’s IoT honeypot over 2016, with the most attacks (by far) initiated from China. This aligns well with what we at PwC observed.
Published: April 27, 2017 Via: http://www.verizonenterprise.com
Verizon just released their tenth annual Data Breach Investigations Report (DBIR), based on an analysis of 40,000 incidents and 1,935 confirmed data breaches. It’s always an interesting read.
This year there are a couple of interesting trends, although no major surprises, except maybe the absence of data around IoT and ICS. Most other industry reports and my anecdotal experience show a clear increase in attacks on cyber-physical systems (IoT and ICS). For example, the latest PwC Global State of Information Security Survey showed that in the Greater China region consumer technologies (mobile, IoT, ...) and operational technologies (ICS, IIoT) became the most targeted set of technologies, with 42.7% and 42.1% of respondents, respectively, reporting incidents in those technologies.
Published: April 25, 2017 Via: http://www.nttcomsecurity.com
This has been a busy week for annual cybersecurity reports by security providers. NTT Security also released their Global Threat Intelligence Report (GTIR).
Like others, NTT found an increase in attacks on IoT, with most (60%) of the attacks initiated from Asia.
Published: April 23, 2017 Via: https://www.edgexfoundry.org
“The Linux Foundation today announced the launch of EdgeX Foundry, an open source project to build a common open framework for Internet of Things (IoT) edge computing and an ecosystem of interoperable components that unifies the marketplace and accelerates enterprise and Industrial IoT. The initiative is aligned around a common goal: the simplification and standardization of Industrial IoT edge computing, while still allowing the ecosystem to add significant value.”
Published: April 21, 2017 Via: https://fas.org Federation of American Scientists
The US Congressional Research Service published the “Cybersecurity: Critical Infrastructure Authoritative Reports and Resources” report, with a number of links to US reports and organizations related to critical infrastructure cyber protection. A great starting point for further research.
Published: April 27, 2017 Via: http://www.gigya.com
Gigya, an identity management specialist, published their “The 2017 State of Consumer Privacy and Trust” report, a survey of 4,002 adults in the US and UK on their attitudes and outlook towards data privacy.
Published: April 27, 2017 Via: http://www.securityweek.com
“…I firmly believe that there is no more important work in the field of cyber right now than driving a rapid, exponential advancement in the security posture of industrial control networks. The threat is at our doorstep – this is the challenge of our industry for the next decade.”
Published: April 25, 2017 Via: Frost & Sullivan – http://www.researchandmarkets.com
Frost & Sullivan published a new report forecasting the growth of the APAC ICS security market. The full report costs around US$15,000, but the bottom line from the report is: “The Asia-Pacific Industrial Control Systems (ICS) Security market with estimated revenue of $380.4 million will reach $1.63 billion by 2020 at a cumulative annual growth rate of 47.2%.”
A subset of it is the Greater China market, which is analyzed in a separate report (http://www.researchandmarkets.com/research/n8hn6z/greater_china). In summary: “The Industrial Control Systems (ICS) security market is expected to experience a high compound annual growth rate of 52.5% for the next 5 years. The Greater China ICS security market is estimated to grow from $50.1 million in 2015 to $412.3 million by 2020.”
Published: April 27, 2017 Via: http://cloudflare.com
The big news in the industry this week was the Cloudflare announcement of Orbit, a private network for IoT devices. A very simplified explanation: IoT devices connect through Cloudflare, and Cloudflare provides virtual patching, filtering out malicious requests before they reach the devices. Plenty of commentators started looking for flaws in the idea, from concentration of risk at Cloudflare to affordability for any non-subscription-based IoT devices. My personal take is that this could significantly improve IoT cyber resilience.