The 2014 NTT Group Global Threat Intelligence Report is the first such annual study since Solutionary was acquired by NTT Group in 2013. Researchers went into the project believing they would glean insights into the efficacy of current technology solutions. But in conducting the study, Kraus and his research team discovered that even some of the most basic security defenses were not so common.
"So, the mantra behind this year's report is to look at the difference between doing [and not doing] the basics - vulnerability lifecycle management, anti-malware controls, anti-virus controls, patch management, incident response capabilities ...," says Kraus, director of research for the Solutionary Engineering Research Team.
"Organizations in many cases are doing [these practices]," Kraus says, "but they're not always necessarily doing them well."
Hence, among key findings of the study:
- The cost for a "minor" SQL injection attack can exceed $196,000;
- Anti-virus applications fails to detect 54 percent of new malware;
- Healthcare has seen a 13 percent increase in botnet activity.
In an interview with Information Security Media Group about the annual report's key findings, Kraus discusses:
- Headlines from this year's report;
- Why conventional defenses are not enough to mitigate today's dominant threats;
- How organizations can use the report to improve their own defenses.
Kraus is the director of research for the Solutionary engineering research team. He is a Certified Information Systems Security Professional (CISSP), specializing in vulnerability research, malware analysis, threat intelligence, Web application security assessments, external and internal penetration testing, and social engineering. He previously was a manager within Solutionary's security consulting services group.
In addition to Solutionary, other NTT Group Security companies include: NTT Data, Dimension Data, NTT Communications, NTT Com Security, and NTT Innovation Institute i3.
Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.