McAfee: security operation centres under constant threat
A recent survey conducted on enterprise security operation centres found that 93% of respondents are unable to triage all potential cyber threats.
Intel Security recently unveiled the results of its McAfee Labs Threat Report: December 2016, which highlighted key developments in cybersecurity threats over the last year, as well as how enterprises are utilising security operations centres (SOCs).
In particular, the report explored the continued growth of ransomware threats, along with mobile malware, macro malware, and Mac OS malware.
Vincent Weafer, vice-president of Intel Security's McAfee Labs, said: "One of the harder problems in the security industry is identifying the malicious actions of code that was designed to behave like legitimate software, with low false positives."
He added: "The more authentic a piece of code appears, the more likely it is to be overlooked. Just as 2016 saw more ransomware become sandbox aware, the need to conceal malicious activity is driving a trend toward ‘Trojanising’ legitimate applications.
"Such developments place an ever greater workload on an organisation's SOC, where success requires an ability to quickly detect, hunt down, and eradicate attacks in progress."
Part of the report focused on how enterprises utilised their respective SOCs. Interviews conducted with nearly 400 security practitioners from different industries and geographies found that 93% of respondents acknowledged being overwhelmed and unable to triage all potential threats.
Additionally, 67% of respondents reported a sharp increase in security incidents, 57% said they are being attacked more often, and 73% believe they are better placed to spot incoming attacks.
The report also found that on average, organisations are unable to effectively investigate 25% of their security alerts.
Of the many threats reported, ransomware was reported to be the most pressing, with the number of new ransomware samples reported at the end of Q3 totalling 3,860,603. This was an increase of 80% in total ransomware samples since the start of 2016.
"The year 2016 may indeed be remembered as ‘the year of ransomware,’ with both a huge jump in the number of ransomware attacks, a number of high profile attacks that generated wide media interest, and significant technical advances in this type of attack," commented Weafer.
"On the other side of the ransomware attacks, greater cooperation between the security industry and law enforcement, and constructive collaboration between industry rivals truly began to deliver results in taking the fight to the criminals. As a result we expect the growth of ransomware attacks to slow in 2017."