Palo Alto, California – March 27, 2014 – NTT Innovation Institute (NTT I³) is pleased to announce the release of the 2014 NTT Group Global Threat Intelligence Report (GTIR). This report focuses on the rapidly evolving global threat landscape and provides insights for business and security leaders concerned with balancing enterprise risk against the need for business agility and managing increasing costs of information risk management and regulatory compliance.
The primary goal of the NTT Group GTIR is to raise awareness with C-level executives and security professionals alike that when the basics of Security are done right, it can be enough to mitigate and even avoid the high-profile security and data breaches. We believe information security should be a strategic imperative that is an effective mix of threat avoidance, threat detection and threat response.
The NTT Group GTIR uses real-world case studies of several security incidents and provides recommendations for minimizing the impact of threats through easy to understand strategies and charts. We have also included our research on several Distributed Denial of Service (DDoS) attacks, malware attacks and the latest botnet activity. Other key findings in the 2014 GTIR include:
• Cost for a “minor” SQL injection attack exceeds $196,000 – Organizations must realize the true cost of an incident and learn how a small investment could reduce losses by almost 95 percent. Case Study: “Massive Data Exfiltration via SQL Injection”
• Anti-virus fails to detect 54 percent of new malware collected by honeypots – Additionally, 71 percent of new malware collected from sandboxes was also undetected by 11 different anti-virus solutions. This supports the premise that simple endpoint solutions must be augmented with network malware detection and purpose-built solutions.
• 43 percent of incident response engagements were the result of malware – Missing anti-virus, anti-malware and effective lifecycle management of these basic controls were key factors in a significant portion of these engagements. Read the “Administrator Releases a Worm” case study to see how it cost one organization $109,000.
• Botnet activity takes an overwhelming lead at 34 percent of events observed – Almost 50 percent of botnet activity detected in 2013 originated from U.S. based addresses. The fact that healthcare, technology and finance account for 60 percent of observed botnet activity reflects the information worker burden that accompanies these industries.
• PCI assessed organizations are better at addressing perimeter vulnerabilities – Organizations performing quarterly external PCI Authorized Scanning Vendor (ASV) assessments have a more secure vulnerability profile, as well as a faster remediation time (27 percent), than organizations performing unregulated assessments
• Healthcare has observed a 13 percent increase in botnet activity – Due to increased reliance on interconnected systems for the exchange and monitoring of health related data, more systems are potentially affected by malware.
The GTIR was developed using threat intelligence and attack data from the NTT Group companies – Dimension Data, NTT Com Security, NTT Data, Solutionary and NTT R&D. The key findings in the GTIR are a result of the analysis of approximately three billion worldwide attacks over the course of 2013. The data analyzed for this report was collected from sixteen Security Operations Centers (SOC) and seven R&D centers with more than 1,300 NTT security experts and researchers from around the world.
“The report represents the culmination of months of research from our world-renowned experts and it strives to provide C-level executives and IT departments a platform to come together and discuss the foundation of their security programs in a way that benefits enterprises in today’s Digital Economy,” said NTT Innovation Institute, CEO Srini Koushik, “The 2014 NTT Group GTIR describes the evolving global threat landscape and underscores the importance of doing the basics right. It also backs it up with real-world case studies and actionable insights for the security practitioners and succinct enough for the Fortune 100 CEO.”
To access the full report, please visit: nttgroupsecurity.com
About NTT i3
NTT Innovation Institute, Inc., (NTT i3) is the Silicon Valley-based open innovation and applied research and development center of NTT Group. The institute works closely with NTT operating companies and their customers around the world to develop market-driven, customer-focused solutions and services. NTT i3 builds on the vast intellectual capital base of NTT Group, which invests more than $3.5 billion a year in R&D. NTTi3 and its world-class scientists and engineers partner with prominent technology companies and start-ups, to deliver market-leading solutions that span strategy, business applications, data and infrastructure.
To learn more about NTT i3, please visit us at www.ntti3.com.