End users are the organisation’s new security perimeter, according to the report, which was based on more than six billion incidents worldwide in 2014.
They are increasingly using their devices both inside and outside the corporate security perimeter – thus IT and security management can no longer count on well-defined network security perimeters to protect their organisations.
“Threats targeting end users are higher than ever,” says Matthew Gyde, group executive – security for Dimension Data, which is part of the NTT Group. “Security vulnerabilities are mostly related to end-user systems and not servers.”
The research finds a massive increase in malware detections on Monday mornings. This is the time users reconnect their devices to the corporate network. “This trend supports the contention that the security perimeter in organisations is dissolving,” says Gyde.
“It appears that successful exploits occur over the weekend when end users - and their devices - are outside the security controls of the corporate network. This indicates that traditional security controls are effective at protecting the corporate network, however assets that transition between corporate and external access points are at greater risk.”
Gyde says controls that address this trend must focus on the user and their devices, regardless of location, and points out that seven of the top 10 vulnerabilities identified were on end-user systems. End users become a liability because their devices often have many unpatched vulnerabilities, he states.
Gyde says the malware industry is maturing, with malware becoming commoditised and available through dark net marketplaces. This means the barrier to entry for cybercriminals is a minimal financial investment, but for a potentially large return.
“And this trend is not about to disappear,” he states. “As users become more accustomed to always-on, real-time access to corporate data, they also become the targets of criminals wanting those same data sources. In summary, users and their devices become the criminal’s entry point.”
The report finds attacks against business and professional services increased from 9 per cent to 15 per cent. Finance continues to be the number one targeted sector, accounting for 18 per cent of all detected attacks.