Some 81% of all emails scanned by Websense last year were unwanted or malicious, a 25% increase on 2013, according to the vendor’s latest annual Threat Report.
The report highlights eight key trends set to keep corporate IT security leaders busy over the next year.
It claims the ‘malware-as-a-service’ trend has effectively democratized the means for hackers of all skill levels to launch damaging attacks, with cyber-criminals blending cutting edge tools with tried-and-tested techniques.
IoT and insider threats, security skills gaps and network infrastructure weaknesses were also said to represent key challenges for 2015.
Other trends picked out by the report include the propensity of cyber-criminals to reuse techniques and infrastructure. For example, over 99% of C&C infrastructure detected had been used by at least one other malware author.
The total volume of threats decreased by 5% from 2013 to 2014, although this is likely to be a result of hackers focusing their attacks in a more targeted, covert manner – making them trickier to spot.
Carl Leonard, Websense principal security analyst, recommended better employee education to improve the “first line of defense”; data theft prevention tools to reduce the risk of an insider breach; and IoT monitoring to check on anomalous behavior from devices.
“Malware authors will always evolve, so changes in techniques, tools and tactics is guaranteed. Organizations must re-evaluate their security posture to consider technical and human elements,” he told Infosecurity by email.
“Also ensure that your business has complete visibility of threats across the threat lifecycle, and that your security solution is adaptive to shifts in malicious tactics. And finally, understand your data and deploy tools to prevent data theft to stop the horse bolting past your network perimeter.”
Embedded open source vulnerabilities like Heartbleed have also begun appearing with greater regularity over the past year.
To combat these, Leonard recommended regular system reviews, a clear process for vulnerability risk assessment, and staying up to date with breaking threat intelligence.