According to the latest AlienVault® survey, security professionals are most worried about threats that are constantly evolving and can evade traditional defenses. Of over 600 conference participants at Black Hat USA, the largest group of respondents (43%) cited ransomware as their biggest security concern, while the second largest group, 31%, were most worried about polymorphic malware. In terms of ransomware, the biggest fear for most participants (38%) was not being able to prevent future infection.
Recent studies have found that 97% of successful malware infections employ polymorphic techniques. The shapeshifting capabilities of new malware strains are particularly concerning for security professionals because they render traditional endpoint security solutions ineffective, as these defenses cannot usually identify and stop new threats that haven’t been seen before.
Concerns around emerging threats have sparked a significant increase in collaboration by the cybersecurity industry.
Javvad Malik, security advocate at AlienVault, explains: “For years, security teams have perpetuated the myth that one can create an orderly, protective security bubble around an organization to keep the bad guys out. But new and emerging threats are challenging this approach. Cybersecurity never stops, so it’s vital that security teams pool their collective expertise by sharing threat intelligence. The harsh reality is that no number of security systems can stop an attack; they can only reduce the risk. Spotting potential problems before they escalate is vital to minimizing future damage from cyber-attacks.”
This changing threat landscape has fuelled a significant increase in the public sharing of threat intelligence over the past two years. AlienVault has been tracking the sharing of threat data through surveys at security conferences worldwide since 2015. In 2015, just 8% of Infosecurity Europe conference participants, and 14% of those attending Black Hat USA, said that they publicly shared details about new threats they discovered. In the 2017 survey of Black Hat conference participants, this percentage had jumped to 17%.
Furthermore, the results also show that security professionals are now trusting the threat intelligence available to them more than they did two years ago. In particular, the number of those who trust open source threat intelligence has doubled from 15% in 2015 (Infosecurity Europe participants only) to 31% of those surveyed at Black Hat 2017. This increased trust may be due by the proven ability of open source tools to respond quickly in the event of serious threats. For example, the AlienVault Open Threat Exchange® identified indicators of compromise and had issued correlation rules to detect Petya ransomware within the first two hours of its initial attack. In addition, advice and guidance on the EternalBlue exploit was available 18 days before WannaCry ransomware hit the internet.