Inside the New Global Threat Report Rob Kraus of Solutionary on 2014's Top Threats, Vulnerabilities
Rob Kraus
Even so-called minor breaches can cost organizations nearly $200,000, according to one finding from NTT Group's annual Intelligence Report. Rob Kraus of Solutionary shares the study's insights and advice.

The 2014 NTT Group Global Threat Intelligence Report is the first such annual study since Solutionary was acquired by NTT Group in 2013. Researchers went into the project believing they would glean insights into the efficacy of current technology solutions. But in conducting the study, Kraus and his research team discovered that even some of the most basic security defenses were not so common.

"So, the mantra behind this year's report is to look at the difference between doing [and not doing] the basics - vulnerability lifecycle management, anti-malware controls, anti-virus controls, patch management, incident response capabilities ...," says Kraus, director of research for the Solutionary Engineering Research Team.

"Organizations in many cases are doing [these practices]," Kraus says, "but they're not always necessarily doing them well."

Hence, among key findings of the study:

  • The cost for a "minor" SQL injection attack can exceed $196,000;
  • Anti-virus applications fails to detect 54 percent of new malware;
  • Healthcare has seen a 13 percent increase in botnet activity.

In an interview with Information Security Media Group about the annual report's key findings, Kraus discusses:

  • Headlines from this year's report;
  • Why conventional defenses are not enough to mitigate today's dominant threats;
  • How organizations can use the report to improve their own defenses.

Kraus is the director of research for the Solutionary engineering research team. He is a Certified Information Systems Security Professional (CISSP), specializing in vulnerability research, malware analysis, threat intelligence, Web application security assessments, external and internal penetration testing, and social engineering. He previously was a manager within Solutionary's security consulting services group.

In addition to Solutionary, other NTT Group Security companies include: NTT Data, Dimension Data, NTT Communications, NTT Com Security, and NTT Innovation Institute i3.




Around the Network