The incidents that cropped up in the months of April to June 2014—from the data breaches, DDoS attacks, to malware improvements and threats to privacy—highlighted the need for enterprises to craft a more strategic response against and in anticipation of security threats.
There were plenty of threats to be found in the quarter. There was the major vulnerability, Heartbleed, in the widely used cryptographic library OpenSSL. We saw both tech companies and restaurant chains fall victim to data breaches. We saw Windows XP patched one last time by Microsoft post-EOS. We saw major decisions in the judicial systems of the United States and Europe that could affect how data is handled and protected for years to come.
Other parts of the threat landscape continued to become a bigger problem. Both online banking malware and mobile malware continued to affect many users:
Figure 1. Online banking malware detection volume
Figure 2. Cumulative mobile malware threat volume
Some organizations will deal with these incidents in an exemplary manner. Others will fail. Most will be somewhere in between. Part of this quarter’s roundup discusses how several organizations dealt with various online threats that affected them, and what others can learn from these examples.
Of course, cybercrime and targeted attacks are not the only perceived “threats” in the world. Increasingly, large Internet companies and government surveillance are perceived as “threats” as well. Here, too, we see how these threats are being addressed: both the EU’s “right to be forgotten” and Riley v. California, a US Supreme Court decision that held that searching the information on a cellphone requires a warrant, can be viewed as responses of the American and European legal systems to the situations in both regions. As digital problems intrude more on the daily lives of users, it is nearly certain that courts will have to weigh in moving forward.
More details about the threats found in the second quarter—as well as how these threats were dealt with—can be found in TrendLabs report entitled Turning the Tables on Cyber Attacks.