Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just launched another release of our own cybersecurity report, summarizing the most significant information from the first semester 2019. The report’s philosophy is providing a global, targeted and useful vision on the most relevant data and facts on cybersecurity. It is addressed to cybersecurity professionals and enthusiasts, in a simple and visually-appealing format. Let’s go over some of the data from this edition.
Nowadays there is a flood of information on cybersecurity. Nevertheless, it does not mean that this flood of information is correctly understood and analyzed, thus such information is not properly exploited to improve processes and be less vulnerable. Lack of information is as harmful as its excess. To be updated and inform people is not enough, but it is also necessary to analyze and be able to prioritize, learn what is important and why. What are the most relevant facts currently happening? What is the current outlook? How security problems, vulnerabilities and attacks are evolving? It is necessary to summarize without losing depth.
Given all the above, this report aims to summarize latest information on cybersecurity (ranging from security on mobile phones to cyber risk, from the most relevant news to the most technical ones and the most common vulnerabilities), while covering most aspects of the field, in order to help the readers to understand the risks of the current outlook.
The information here presented is mostly based on the collection and synthesis of internal data that have been contrasted with public information from sources considered to be of quality. In the following lines you will find several important points extracted from the report.
#CyberSecurityReport19H1: Some data
Around 45,000 apps were removed from Google Play during this period, and of them, around 2% of the applications were detected by antiviruses. On average, they stayed on the app store 51 days.
4,495 vulnerabilities have been analyzed over the first semester 2019. As the previous semester, 62% of them have a severity score of 7 or higher. Oracle, Adobe and Microsoft remain the vendors with the highest number of CVEs assigned.
Thanks to BitSight, we have some data about cyberrisk. A European company needs an average of almost 5 days to fix a malware threat. Two more days compared to the previous semester. The fastest are the legal sector (they need just over 2 days), while the slowest are again food production companies (but now they need 11 days). In Spain, the health sector needs up to 17 days to neutralize a malware threat.
• Over the first semester 2019, a total of 155 vulnerabilities for iOS were published, although only 5 of them serious enough to enable code execution. Consequently, iOS has gathered 1656 vulnerabilities since 2007.
• Over the same period, a total of 60 vulnerabilities for Android were published, although only 4 of them serious enough to enable code execution. Consequently, Android has gathered 2014 vulnerabilities since 2009.
• 6% of iPhones execute an iOS earlier than 11. Regarding Android, less than half of the current devices execute version 8 or later.
• Spear phishing and malicious office documents (mainly through macros) remain the most common infection methods used among the most sophisticated groups of attackers.
• Gamarue and Conficker remain the most common malware threats in Europe, even with higher figures compared to the previous semester.
Full report here: