2016 Trends in
Cybersecurity:
A Quick Guide to
the Most Important
Insights in Security
For 10 years, Microsoft has been studying and analyzing the threat landscape of exploits, vulnerabilities, and malware. We’ve used data gathered from more than 600 million computers worldwide to develop one of the most complete security data sets in the world. Our year-round research is then collected and published in The Microsoft Security Intelligence Report, a globally accredited, 160-page report that comprehensively addresses the security landscape.
This year, in an effort to drive awareness of key insights and trends, we’ve also developed A Quick Guide to the Most Important Insights in Security, an abridged, to-the-point resource that readers can use to learn the important factors in the complex matrix of cybersecurity.
In this eBook, we’ve captured our Top 10 key findings. Read on to learn critical information about vulnerability rates, exploits in key software programs, the locations with the highest infection rates, and much more. With more than 6,000 vulnerabilities disclosed per year across the industry, it’s extremely important to ensure that all of the software in your IT environment is assessed and updated. Here are our Top 10 key findings to help increase your security level.
The Trends
Severity of Vulnerabilities
Declining Java Exploits
Stronger Enterprise Protection
Global Security Concerns
Extent of Exploits Kit
Most Commonly Detected Objects
New Application Vulnerabilities
Increased Trojan Levels
Continued Complexity of Threats
Platform Agnostic Vulnerabilities
41.8 percent of all vulnerability disclosures are rated as highly severe, a three-year high.
2016 Trends in Cybersecurity - Severity of Vulnerabilities
Why it matters
Vulnerability disclosures are revelations of software vulnerabilities to the public at large. Disclosures can come from a variety of sources, including publishers of the affected software, security software vendors, independent security researchers, and even malware creators. Attackers and malware routinely attempt to use unpatched vulnerabilities to compromise and victimize organizations.
Vulnerability disclosures across the industry increased 9.4 percent between the first and second halves of 2015, to just above 3,300. These are the high-severity vulnerabilities that security teams dread as they might enable remote attackers. With more than 6,000 vulnerabilities publicly disclosed per year across the industry, it’s extremely important that all software in your IT environment gets assessed and updated on a regular basis. Install software patches promptly, monitor networks for suspicious activity, and quarantine devices that exhibit unusual behavior.
Industry-wide vulnerability disclosures each half year into the second half of 2015
Encounters with Java exploits are on the decline.
2016 Trends in Cybersecurity - Declining Java Exploits
Why it matters
Attackers used to favor Java exploitation, but that is no longer the case. This decrease is likely the result of several important changes in the way web browsers evaluate and execute Java applets. Security teams can now prioritize their efforts on higher-priority risks. Java users should continue to install security patches as they become available to continue guarding against potential future attacks.
Trends for the top Java exploits detected and blocked by Microsoft real-time antimalware products in
the second half of 2015
Consumer computers encounter 2X the number of threats as compared to enterprise computers.
2016 Trends in Cybersecurity - Stronger Enterprise Protection
Why it matters
Enterprise environments typically implement defense-in-depth measures, such as enterprise firewalls, that prevent a certain amount of malware from reaching users’ computers. Consequently, enterprise computers tend to encounter malware at a lower rate than consumer computers. The encounter rate for consumer computers was about 2.2 times as high as the rate for enterprise computers.
Meanwhile, enterprise (domain-based) computers encountered exploits nearly as often as consumers’ computers (non-domain), despite encountering less than half as much malware as non-domain computers overall. This tells CISOs that exploits are an issue for organizations and that staying up to date with security updates and the latest software is their best defense.
Despite these trends, you can secure your company’s assets by understanding the threat landscape and devising a security strategy across all fronts, including: identity and access credentials, apps and data, network devices and infrastructure. By adopting a proactive security stance and taking advantage of the latest in multi-factor authentication, machine learning and analytics technologies, you can harden your company’s defenses against cyberattacks, and be equipped to respond in the event of a breach.
Malware and unwanted software encounter rates for domain-based and non-domain computers.
[Chart: encounter rate (axis 2% to 18%) by category (Browser Modifiers, Trojans, Worms, Software Bundlers, Downloaders & Droppers, Obfuscators & Injectors, Adware, Exploits, Viruses, Other, Backdoors, Ransomware, Password Stealers & Monitoring Tools); series: Domain, Non-domain]
Locations with the highest malware infection rates were Mongolia, Libya, the Palestinian territories, Iraq, and Pakistan.
2016 Trends in Cybersecurity - Global Security Concerns
Why it matters
Malware is unevenly distributed around the world, and each location has its own mix of threats. By studying the areas of the world that are highly impacted by malware and comparing them to the least infected parts of the world, we can try to discover what technical, economic, social, and political factors influence regional malware infection rates. This information might help to inform future public policy that, in turn, could lead to reduced malware infection rates in highly impacted parts of the world.
A previous study is also available
Infection rates by country/region
Exploit kits account for 40 percent of the most commonly encountered exploits.
2016 Trends in Cybersecurity - Extent of Exploits Kit
Why it matters
Exploit kits are collections of exploits bundled together and sold as commercial software or as a service. Prospective attackers buy or rent exploit kits on malicious hacker forums and through other illegitimate outlets. A typical kit comprises a collection of webpages that contain exploits for several vulnerabilities in popular web browsers and browser add-ons. When the attacker installs the kit on a malicious or compromised web server, visitors who don’t have the appropriate security updates installed are at risk of having their computers compromised through drive-by download attacks. Exploit kits enable lower-skilled attackers to perform more sophisticated attacks.
Understanding which exploits and exploit kits are being used by attackers helps security teams protect their organizations.
Quarterly encounter rate trends for the exploit families most commonly detected and
blocked by Microsoft real-time antimalware products in the second half of 2015, shaded
according to relative prevalence
Adobe Flash Player objects were the most commonly detected type of object, appearing on more than 90 percent of malicious pages over a one-year period.
2016 Trends in Cybersecurity - Most Commonly Detected Objects
Why it matters
This data tells security teams that attackers have shifted the attacks they host on malicious web pages from Java to Flash Player. Knowing this makes it easier to plan mitigations for malicious webpages. It also illustrates the importance of keeping Adobe Flash Player updated. Users should prioritize installing Flash security updates to help protect against this rising threat.
ActiveX controls detected on malicious webpages through IExtensionValidation in 2015, by control type
44.2 percent of all disclosed vulnerabilities are found in applications other than web browsers and operating system applications.
2016 Trends in Cybersecurity - New Application Vulnerabilities
Why it matters
Many security teams focus their efforts on patching operating systems and web browsers. But vulnerabilities in those two types of software usually account for a minority of the publicly disclosed vulnerabilities. The majority of vulnerabilities are in applications. Security teams need to spend appropriate time on assessing and patching these vulnerabilities. Otherwise, they could be missing the bulk of vulnerabilities in their environments.
To increase protection on the network, identify unsanctioned apps, enforce your corporate policies regarding cloud resources, and monitor activity for anything unusual.
Industrywide operating system, browser, and application vulnerabilities, 1H13–2H15
Encounters with Trojans, a prevalent category of malware that uses social engineering to trick users, increased by 57 percent, and remained at elevated levels.
2016 Trends in Cybersecurity - Increased Trojan Levels
Why it matters
Knowledge is power! Understanding which types of threats people in your organization are most likely to encounter helps organizations prioritize mitigations, including training people to identify such threats.
Trojans claim to be one thing, like a document or video, but are really a tool that attackers use to trick people into taking some action that isn’t in their best interest, like installing malware on their system or lowering their security settings. This makes Trojans one of attackers’ favorite tools. Knowing this, and looking at how the top Trojans in your area of the world behave, will help you protect your organization better.
Educate your workforce about common Trojan tricks, including fake web headlines with provocative titles and spoofed emails. Encourage workers to use personal devices for social media and web surfing instead of devices connected to your corporate network.
Encounter rates for significant malware categories
The prevalence of any particular threat can vary dramatically, depending on the country and the nature of the threat, which is one of the reasons why there’s no silver bullet for achieving “perfect” security. For example, Russia and Brazil had nearly triple the worldwide average encounter rates for some types of threats.
2016 Trends in Cybersecurity - Continued Complexity of Threats
Why it matters
Understanding what strategies and tactics attackers are using in parts of the world where you have operations will allow you to better protect those operations. There are parts of the world where ransomware is encountered far more than in other locations; the same is true of Trojans, exploits, and other malware. Use the data in the Security Intelligence Report to understand the threats your organization is most likely to encounter and to inform your security plan.
Threat category prevalence worldwide and in the 10 locations with the most computers
reporting encounters.
In any six-month period, less than 10 percent of vulnerability disclosures are found in Microsoft software.
2016 Trends in Cybersecurity - Platform Agnostic Vulnerabilities
Why it matters
If your organization only focuses on patching vulnerabilities in your most commonly used software, you are likely not managing all the vulnerabilities present in your IT environment. It’s important to know if you need to take action on any of the other nearly 3,000 vulnerabilities that could be in your organization’s environment.
Device encryption and consistent compliance with IT rules can help reduce the odds of a breach. If you detect suspicious behavior, block and quarantine the device off the network until the threat is identified and removed.
Vulnerability disclosures for Microsoft and non-Microsoft products, 1H13–2H15
To learn more about these and other findings, download the Security Intelligence Report, or visit:
www.microsoft.com/security
© 2016 Microsoft Corporation. All rights reserved. This document is for informational purposes only. Microsoft makes no
warranties, express or implied, with respect to the information presented here.
