SAN MATEO, Calif. – September 6, 2017 – Concerns around emerging threats such as ransomware and polymorphic malware have sparked a significant increase in collaboration by the cybersecurity industry, according to new research published today by AlienVault®, the leading provider of Unified Security Management™ (USM™) and crowdsourced threat intelligence.
According to the survey of over 600 conference participants at Black Hat USA, security professionals are most worried about threats that are constantly evolving and can evade traditional defenses. The largest group of respondents (43%) cited ransomware as their biggest security concern, while the second largest group, 31%, were most worried about polymorphic malware. In terms of ransomware, the biggest fear for most participants (38%) was not being able to prevent future infection.
Recent studies have found that 97% of successful malware infections employ polymorphic techniques. The shapeshifting capabilities of new malware strains are particularly concerning for security professionals because they render traditional endpoint security solutions ineffective, as these defenses cannot usually identify and stop new threats that haven’t been seen before.
Javvad Malik, security advocate at AlienVault, explains: “For years, security teams have perpetuated the myth that one can create an orderly, protective security bubble around an organization to keep the bad guys out. But new and emerging threats are challenging this approach. Cybersecurity never stops, so it’s vital that security teams pool their collective expertise by sharing threat intelligence. Spotting potential problems before they escalate is vital to minimizing future damage from cyber-attacks.”
This changing threat landscape has fueled a significant increase in the public sharing of threat intelligence over the past two years. AlienVault has been tracking the sharing of threat data through surveys at security conferences worldwide since 2015. In 2015, just 8% of Infosecurity Europe conference participants, and 14% of those attending Black Hat USA, said that they publicly shared details about new threats they discovered. In the 2017 survey of Black Hat conference participants, this percentage had jumped to 17%.
Furthermore, the results also show that security professionals are now trusting the threat intelligence available to them more than they did two years ago. In particular, the number of those who trust open source threat intelligence has doubled from 15% in 2015 (Infosecurity Europe participants only) to 31% of those surveyed at Black Hat 2017. This increased trust may be due by the proven ability of open source tools to respond quickly in the event of serious threats. For example, the AlienVault Open Threat Exchange® identified indicators of compromise and had issued correlation rules to detect Petya ransomware within the first two hours of its initial attack. In addition, advice and guidance on the EternalBlue exploit was available 18 days before WannaCry ransomware hit the internet.
Javvad Malik continues: “The harsh reality is that no number of security systems can stop an attack; they can only reduce the risk. The severity of an attack is therefore determined by how quickly a company can respond to threats as they occur. When security teams can identify potential threats before they strike, it can save a company millions in costly damages to both revenue and reputation. Free tools are often the fastest to spot and identify new threats because they rely on the shared experiences of huge numbers of security teams around the world.”