Gain Top-Notch InfoSec Skills at SANS Las Vegas 2018. Save $400 thru 12/6.

Press


Playing Whack-a-Mole: Results of the 2017 SANS Threat Landscape Survey

Users and Endpoints Are Both Targets, Part of the Solution

  • Bethesda, MD
  • August 7, 2017

Endpoints - and the users behind them - are on the front line in today's security battles, according to results of a new survey on the threat landscape to be released by SANS Institute on Tuesday, August 15.

"Users and their endpoints are still in the cross hairs," says Lee Neely, SANS Analyst, Mentor Instructor and author of the survey report. "Traditional and malware-less threats keep popping up at every corner, making our jobs as defenders resemble an ongoing game of Whack-a-Mole to keep them at bay."

Phishing (72%), spyware (50%), ransomware (49%) and Trojans (47%) are the threats most seen by respondents' organizations, but not all of these have significant impact. When it comes to impact, phishing causes the most damage, and 40% of survey respondents experienced phishing attacks, including spearphishing and whaling in the last year.

Almost one-third of respondents also experienced a malware-less threat entering their organization, impacting IT systems and adding to IT staff workload. These attacks are more difficult to find because they can't be detected by signature-based technologies. Scripting attacks were the most common malware-less incident, while credential compromise or privilege escalation caused the most impact.

Few of the threats respondents faced were new zero-day threats, with 76% admitting that under 10% of the significant threats they saw were zero-day.

"Today's threats predominately leverage the same old vulnerabilities and techniques," according to Neely. "The time is ripe to change our protections as well as remediation processes to stem the tide of successful threat vectors."

Users are also part of the solution, with 37% of respondents indicating that calls to the help desk helped them discover their most impactful threats. According to the survey results, user training, improved operational security practices and improved visibility into network and endpoint behavior are the top measures to improve threat prevention success and reduce the need to play Whack-a-Mole.

Full results will be shared during a webcast on Tuesday, August 15 at 1 PM EDT, sponsored by Cylance, FireEye, McAfee, and Qualys, and hosted by SANS. Register to attend the webcast at www.sans.org/webcasts/104452

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and network security expert, Lee Neely.

Tweet This:

Stop playing Whack-a-Mole with security. Learn best practices. | Aug. 15, 1 PM Eastern | Register: www.sans.org/webcasts/104452

Users and endpoints at risk. Explore the threats they face and how to protect them. | Register for 8/15 webcast: www.sans.org/webcasts/104452

No need for zero-day threats, old vulnerabilities still work. Learn improvements needed. | 8/15 webcast: www.sans.org/webcasts/104452

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 30 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (https://www.sans.org)