The sheer increase in volume of automated attacks over the last year has created a “new normal” where security teams can’t keep up with the signal-to-noise ratio. James Trainor, acting assistant director of the FBI’s Cyber Division, claims that data breaches are up 400 percent in 2015, and the workforce for the cyber division needs to be doubled or tripled. A PWC report saw an almost 100 percent increase year over year in 2014.
The research of Kenna Security attributes this increase not to the sophistication of attacks themselves, but rather the sophistication of the attackers’ modus operandi: they are getting better at automating their attacks. The result is an unprecedented volume of attacks as well as volume of businesses exposed to these attacks. Due to the inability of Information Security teams to match the pace of automated attacks, a significant gap has appeared in the time that critical vulnerabilities appear and the time it takes for security teams to fix those vulnerabilities.
In this report, we will examine:
• How the rise of non-targeted attacks have contributed to the remediation gap
• An example of serious vulnerabilities that have gone unremediated
• Recommendations for closing the remediation gap
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program