App and Web usage soften as encryption, data volumes challenge security
- 14 June, 2017 13:11
Mobile malware accounted for nearly 1 in 10 malware strains detected during the first quarter, Fortinet has warned on the back of research findings that also suggested that a similar proportion of companies had been hit by ransomware during the quarter.
Growth in ‘crime-as-a-service’ infrastructure was shifting the pendulum away from localised threats, the company warned in its Q1 Threat Landscape Report, with Australian companies increasingly caught up in the escalating proportion of attacks executed on a global basis.
The figures – derived from observations from Fortinet devices in live production environments worldwide – identified some distinct changes in the nature of enterprises’ application usage: for example, the average organisation is now using less than 200 applications for the first time ever.
At the same time, the “statistically significant” growth of Android malware like Qysly/Ztorg – which Fortinet classified as “very advanced in hiding its behaviour” – reflected an overall reduction in malware volumes, although around 20 percent of organisations detected mobile malware during the quarter.
Even as mobile use grew, other types of apps were becoming more common. Overall, the average number of streaming apps per business was down from 24 in Q2 last year to just 16 in Q1 of this year, while the number of social apps dropped from 19 to 14 in the same period even as the number of infrastructure-as-a-service (IaaS) cloud apps grew from 22 to 29.
The average number of daily Web site visits was down from 590 to 502 over the same period, with the number of SaaS apps down from 35 to 33. Managed service providers, predictably, had the most SaaS applications (61) on average while education (59), aerospace & defence (53), media/communications, environmental (40.5), and legal (40) companies followed suit.
The reduction in average SaaS numbers suggests that many businesses are finally succeeding in getting their application infrastructure under control, controlling or blocking previously unmanaged apps that can create security blind spots due to lack of visibility.
“IT infrastructure shapes the environment in which threats occur and evolve,” the report’s authors note in conjunction with an analysis showing telecommunications companies generally had the fewest apps and education providers, the most. “But it also acts as a window into broader security policies and governance models.”
Application numbers are only one part of the equation, however: with daily bandwidth usage up from 7.7GB to 8.5GB on average – and the use of HTTPS encryption up from 49.8 percent of traffic to 54.9 percent this quarter – the Fortinet figures suggest new security challenges abound.
“While helpful to maintaining privacy, this trend presents challenges to threat monitoring and detection,” the report’s authors warn. “Organisations cannot afford to turn a blind eye towards threats that might be lurking within encrypted communications.”
Indeed, the figures are a sobering reminder of the ongoing threats faced from a rapidly changing climate in which 80 percent of organisations reported high or critical-severity exploits against their systems. Many of these stemmed from old vulnerabilities that remained unpatched – a threat vector so pervasive that Microsoft this week took the unusual step of releasing new patches for the no-longer-supported Windows XP operating system.
Growing threat volumes are driving upgrades at every point in the cybersecurity defence chain: distributed denial of service (DDoS) fighter Arbor Networks, for one, announced this week that it has doubled the capacity of its DDoS-fighting Arbor Cloud from 2Tbps to 4Tbps and will double it again, to 8Tbps, by the end of the year.