Skip Navigation
BlackBerry Blog

Expert Insights: Understanding Attack Diversity

NEWS / 07.26.17 / Chad Skipper

To better understand the current attack landscape, Cylance commissioned a nationwide survey of over 200 qualified IT cybersecurity mid- and senior-level staff, and queried them about their recent attack history. The resulting data on Infection Scenarios provides rare insights into how large companies across a variety of industries are being targeted by attackers, and how often attackers are successful.

The data represents responses from IT decision makers in the following top five surveyed industries:

  • Internet and Technology (22%)
  • Manufacturing (14%)
  • Healthcare and Pharmaceuticals (10%)
  • Retail (9%)
  • Financial (8%)

Unsurprisingly, the data shows that attackers are targeting employees, and their endpoints, repeatedly. Across every industry, phishing attacks led all attack instances, with several organizations sharing details on successful attacks. The data also unfortunately indicates that many security solutions in place today are unable to prevent successful attacks, leading to increased and costly downtime.

The Infection Scenarios portion of the survey focused primarily on the following topics:

  • Frequency and business impact of successful attacks
  • Attack diversity
  • Breach/compromise reporting requirements

We invite you to access the complete survey results here; in the meantime, here are a few highlights:

Frequency and Business Impact of a Breach

Organizations have a myriad of security tools in place, many from well-known providers with a long history of delivering security solutions. However, our survey findings paint a dire picture regarding successful attacks. The diversity in attack type coupled with the onslaught of new malware variants released daily means security solutions that rely on signature-based prevention techniques will struggle to prevent a successful attack.

Attack Diversity

As previously mentioned, phishing attacks were most successful, according to our respondents, but the more disturbing piece of information garnered from the survey is the attack diversity organizations are experiencing. As a decision maker in purchasing a cybersecurity solution, our respondents shared their buying criteria (see associated report) and there is an observable correlation between the attack diversity each company experienced, and their buying criteria when evaluating a cybersecurity solution.

Breach Reporting Requirements

Many regulatory bodies and internal stakeholders require forensic analysis of a breach. Reviews or audits of security tools are almost 100% required, though the timing of the reporting activities varies across the respondents. The survey results point to the need for more advanced and automated reporting tools.

Infection Trends and Your Environment

Understanding how other companies are being attacked can help you understand the steps you need to take to protect your environment. Read a summary of the full Infection Scenarios survey results here and see how your experience compares.

Chad Skipper

About Chad Skipper

Vice President of Competitive Intelligence & Product Testing at Cylance

Chad Skipper leads industry analysis and testing of Cylance’s flagship product CylancePROTECT®. Chad is a security technologist veteran focusing on a broad section of the Information Security space. Chad has contributed heavily within product development, engineering, security research, product marketing and product management. Chad is a public speaker of many security topics through a variety of venues and is co-author of 'ext-Generation Anti-Malware Testing for Dummies.

Whether at Symantec, Cisco, BlackStratus, Dell, and now Cylance, Chad has played a significant role in the security design and architecture of endpoint, network, cloud, and hosted security services, and in advancements in security prevention, security management, monitoring, testing and intelligence mitigation solutions.

Chad holds a BS degree from Park University, Magna Cum Laude: Management/ Computer Information Systems.