Another day, another data breach—at least it seems that way. With 70,000 new malware threats popping up each day, it makes sense. Threats must be getting sneakier, more complex and harder to stop, right? Wrong.
Verizon released its annual data breach investigations report this week. It notes that while we’re hearing a lot about sophisticated threats and an up rise from various hacktivist groups like Anonymous, 97% of all data breaches in 2011 were from simple forms of malware. Also, 97% of attacks could have been easily avoided. How do you feel about that?
Sure it’s easy to rationalize that all malware is getting really complex. That way when a breach happens you can chalk it up to a daunting beast, an unbeatable opponent—nothing could have possibly stopped this!
Sadly the truth of the matter is that most threats today are pretty basic. You can’t expect all of the new daily malware to be complex. It’s all quantity over quality. The minority of threats that aren’t basic come from organized groups of hackers are highly targeted. They aim at large financial companies for example.
Malware is advancing but because so many people and companies fail at some of the basic security measures, hackers haven’t really needed to step up to the plate to reinvent the wheel. Many tried, tested and true attacks still foil millions of people each day, so why do anything different?
Facebook scams still get clicked on, phishing emails still hook people, unknown attachments still get opened and weak passwords still get used. Until things change, malware won’t either.
Part of the solution is user awareness. The other part is using the right software. Anti-virus software can stop most of today’s threats, but not all of them. It’s naïve to think that anti-virus is all you need.
While most threats didn’t require special skills to develop, there are still some out there that are hard core. Remember Duqu? Even with threats like that, advanced threat protection can protect you. Simple as that.
If 97% of attacks are avoidable, you just have to avoid them. What are you waiting for?