Hackers Winning War for Online Security

Apps & Software

Published: April 14, 2015 6:35 am

One of the largest Internet security firms in the world — Symantec Corp. (NASDAQ: SYMC) — has issued a report that claims hackers have overwhelmed efforts to keep them from hacking corporate networks. And the “overwhelming” will only get worse.

Symantec researchers report in the firm’s new Internet Security Threat Report:

In a record-setting year for zero-day vulnerabilities, Symantec research reveals that it took software companies an average of 59 days to create and roll out patches—up from only four days in 2013. Attackers took advantage of the delay and, in the case of Heartbleed, leapt to exploit the vulnerability within four hours. There were 24 total zero-day vulnerabilities discovered in 2014, leaving an open playing field for attackers to exploit known security gaps before they were patched.

Further:

Meanwhile, advanced attackers continued to breach networks with highly-targeted spear-phishing attacks, which increased a total of eight percent in 2014. What makes last year particularly interesting is the precision of these attacks, which used 20 percent fewer emails to successfully reach their targets and incorporated more drive-by malware downloads and other web-based exploits.

Many of these actions, or related ones, like the attack on Sony Corp. (NYSE: SNE), have been very public. The attacks not disclosed by companies that have been breached could be much larger. Depending on the sort of attack, companies may believe they do not need to be disclosed, particularly if large numbers of consumers have not effected.

ALSO READ: 15 Cities With the Most High-Tech Jobs

Symantec has provided advice for both consumers and business, as it hopes that actions taken by these groups might be able to hold off breaches. Among these actions are to use stronger passwords, provide employees with training about how to help prevent attacks, be “cautious” about social media and “prepare for the worst.”

The advice about “the worst” is the most apt. The entire premise of the Symantec report is that companies and individuals cannot stay ahead of an army of skilled hackers.