Reviewing the Threat Landscape With IBM X-Force: Serious Data Breaches, Major Attacks and New Vulnerabilities
Year after year, IBM X-Force assesses and examines the goings-on in the world of cybersecurity and cyberthreats. A broad survey of our entire data set often yields interesting results that lead to the discovery of underlying trends. After all, you cannot find the needle in the haystack if you are looking in the wrong hay field.
The “IBM 2016 Cyber Security Intelligence Index” brings you exactly that: a survey of the threat landscape in 2015.
The report offers a high-level view of the major threats to our clients’ businesses worldwide and is complemented by other threat intelligence and research publications from IBM X-Force. Our goal is to help you better understand the current threat landscape by offering a detailed look at the volume of attacks, the industries most affected, the most prevalent types of attacks and attackers and the key factors enabling them.
IBM Security Services continuously monitors billions of events per year. We take that data and attempt to normalize it, creating a hypothetical client that can then be used as a point of comparison to those consuming the report. Now, on with the show!
2015 in Brief
Here are some findings from the “IBM 2016 Cyber Security Intelligence Index”:
- Your next attacker is likely to be someone you thought you could trust. Insider threats continue to pose the most significant risk to organizations everywhere.
- IBM found 64 percent more security incidents in 2015 than in 2014, likely as a result of improvements in detection and policy refinement.
- Health care became the most frequently attacked industry. A significant increase in attacks rocketed health care straight past financial services and manufacturing.
How in the world do we come to these conclusions? The proof is in the pudding — or in this case, the numbers. We start by compiling all security events, attacks, incidents, source IPs and destination IPs. We then normalize them and chart them out year by year.
More About the Survey Findings
Take our analysis of the insider threat. First, the source of the attack is tracked and correlated with the destination and type of attack. Human analysis then determines if the attack is most likely coming from inside or outside an organization’s network.
After that, the type of attack is used to determine if the source is a malicious insider or an inadvertent actor — someone who has been fooled into allowing a compromise to occur.
It should come as no surprise that the health care industry was the most targeted industry in 2015. Government and transportation also made their way into the top five.
Want to Learn More?
For a closer look at the full cyber threat landscape, download the “IBM 2016 Cyber Security Intelligence Index” and read our analysis of cyberattack and incident data from IBM’s worldwide security services operations.