A recent report from IBM titled “2014 Cyber Security Intelligence Index” provides an up-to-date, high-level overview of the major threats facing organizations today and the trends being seen in the evolution of the threat landscape. With data gathered through the monitoring of clients’ technology platforms worldwide and analysis of the security intelligence gleaned, it describes the types of attacks being seen and their impact on organizations.

The report describes the threat landscape as dominated by well-funded and businesslike adversaries using extremely sophisticated, targeted attacks. However, organizations are still falling foul of negligent employees who continue to put businesses at risk, and security investments made in the past are not up to the task of protecting against the new classes of attack.

Organizations Overlooking the Fundamentals

As a result, the report postulates that organizations may be more vulnerable than they think and are not doing enough in the battle against cyber crime. Just 23 percent use cloud security protection, 32 percent have access to the latest threat intelligence and only 43 percent perform penetration testing or ethical hacking. Overall, it found that up to 40 percent of organizations are missing critical security protections. This shows that organizations are overlooking the IT fundamentals that can enhance their ability to mitigate risk.


Security Events on the Rise

The threat landscape continues to expand. In 2013, the number of security events increased by 12 percent over 2012, reaching 91 million events. Organizations need to respond by implementing more up-to-date security controls that are more proactive in nature. In particular, the need for security intelligence tools, supplemented by human analysis of the most serious incidents, is stark. IBM researchers state that security intelligence makes it possible to reduce millions of cyber security events suffered in any given year to an average of 16,900 attacks, which amounts to an average of 109 incidents per organization per year.

Reputations on the Line

Of all the incidents analyzed by IBM’s computer security incident response team, just 3 percent can be classified as “noteworthy” because the level of security impact is sufficiently high. The most common impact of such noteworthy events is data disclosure and theft, which can have huge consequences for an organization’s reputation. IBM’s research shows that 61 percent of organizations say that data theft and cyber crime are the greatest threats to their reputation.

According to research from the Ponemon Institute regarding the economic impact of IT risk and reputation, “substantial events,” which would largely equate to the definition of noteworthy, account for 75 percent of the total costs resulting from security incidents but for 92 percent of costs related to reputation and brand damage, which are the single largest category of costs at an average of $5.3 million per substantial event.

Human Error Looms Large

As the old saying goes, to err is human. But those errors are extremely costly: The “Cyber Security Intelligence Index” found that 95 percent of all security incidents involve human error, from misconfigurations and poor patch management practices to the use of insecure or default credentials, the loss of equipment or the disclosure of sensitive information through careless mistakes. Attackers increasingly favor social engineering tactics that are highly targeted against specific individuals, with the aim of tricking them into providing access to networks and the sensitive data they contain. While there are some technology safeguards for some problems caused by human error, IBM researchers state that the best strategy is to educate employees on an ongoing basis so that they are able to identify and defend themselves against suspicious communications and potential risks to their organizations.

Malicious Code, Sustained Probes Dominate the Cyber Security Landscape

Together, the use of malicious code and sustained probes or scans by outsiders account for a total of 58 percent of incidents seen by organizations. In many cases, malware and probes go hand in hand, with probes used to identify targets before malware is unleashed. However, a category of attack that has increased considerably is that of unauthorized access to systems, accounting for 19 percent of incidents, up 6 percent over the previous year. This is often the third prong of the attack, following probes and the use of malware to gain access to networks and then elevate privileges once a foothold has been gained. This is in line with the rise of highly targeted attacks, which will likely only increase. No matter how savvy some employees are, there will always be weak links and attacks will be successful. The onus is on organizations to upgrade their ability to continuously monitor their networks for any signs of suspicious or abnormal activity, looking for signs of both unauthorized access and suspicious traffic activity.

Organizations Must Act Now

IBM’s report should be a call to action for many organizations, as the results of this research show that they are more vulnerable to cyber security incidents than they apparently think they are. It cautions that criminals will not relent and, unless organizations have full, real-time visibility into events affecting their networks, those criminals will succeed. All organizations should take heed — not just those with valuable intellectual property, customer information or high public visibility. Everyone is a target, and every organization should consider the possibility — perhaps probability — that they have already been breached. The stakes are high, and the time to act is now.
