Inside Symantec's 2014 Threat Report Kevin Haley on Mega Breaches and the Internet of Things
Inside Symantec's 2014 Threat Report
Symantec's Kevin Haley
Symantec's 2014 Internet Security Threat Report calls 2013 the year of the mega breach. Why? Because it's getting far too easy for the bad guys to pull off these breaches, says Symantec's Kevin Haley.

According to Symantec, 2013 saw a 62 percent increase in breaches over 2012, with 253 total breaches. Eight of those breaches exposed more than 10 million identities. In all, more than 552 million identities were breached in 2013, Symantec says.

"There's very little barrier to entry for bad guys," says Haley, Symantec security response director, in an interview with Information Security Media Group. "Attacking 100 people, moving it to 1,000, there's isn't a lot of additional effort required. It's very simple to expand their attacks and clearly these attacks are working; they're being successful for the bad guys, so they're continuing to do them, continuing to push these areas, and making the Internet a little less secure."

Haley's comments came on April 8, the day the security provider issued its 2014 Internet Security Threat Report. Among the report's key findings:

  • 91 percent increase in targeted attacks campaigns in 2013;
  • 62 percent increase in the number of breaches in 2013;
  • Over 552 million identities were exposed via breaches in 2013;

In addition to the mega breaches, Symantec calls out six other threat trends, including the growth and evolution of targeted attacks, an increase in zero-day vulnerabilities, and a 500 percent growth in ransomware attacks.

In the interview, Haley explains the flourishing cybercrime underworld industry that mimics legitimate businesses with programmers, service providers, distributors and outsourcers. "In general, high-end groups innovate and create new methods of attack, and then that innovation trickles down through the ranks as toolkits get written, cookbooks get put out there on how to do these things. The people on the low end learn from those up on the high end," he says.

Haley also discusses how organizations struggle with keeping up with the rapid change of cyberthreats, and provides advice on what enterprises should do about it. He also addresses the security challenges presented by the Internet of Things, and explains why he believes vendors should be more proactive in securing the devices they sell to end-user organizations.

And he predicts what will be the hot security topic Symantec likely will address next year in its 2015 Internet Security Threat Report.

Haley is responsible for Symantec's global intelligence network, where he educates consumers and customers about security issues. During his 13 years at company, Haley has helped develop its anti-virus solutions for endpoints and mail servers and create network and system management solutions. Earlier, he worked on software distribution tools at Hewlett-Packard and was a product manager at Sun Microsystems.

Around the Network