Internet users in the United States vastly underestimate how often their home networks are targeted by cyber threats. That’s one of the key findings of a new Comcast report.
Cyber threats growing numerous and complex
Since January, nearly six billion cybersecurity threats have been blocked – representing an average of about 104 cybersecurity threats per home per month.
“The cyber threats facing even the most lightly connected homes have grown so numerous and so complex, that ordinary people can barely keep track, much less protect themselves,” said Noopur Davis, Chief Product and Information Security Officer, Comcast.
Xfinity xFi users have on average 12 devices per home and added two devices over the past year, while high-end users have as many as 33 devices and added five since last year. And, 61 percent of consumers plan to buy at least one connected device during the upcoming holiday shopping season. With the number of connected devices in the home increasing, cybersecurity protection has never been more important.
Consumers underestimate attack volume
95 percent of survey respondents underestimated the volume of attacks they face each month. The average volume indicated by respondents was 12 attacks per month.
Mix of devices most targeted
The top five most vulnerable devices in connected homes are:
- Computers and laptops
- Smart phones
- Networked cameras
- Networked storage devices
- Streaming video devices.
Consumer disconnect on cybersafe behavior
96 percent of consumers surveyed were not familiar with how to answer six basic true/false cyberthreat questions.
Further, 85 percent of respondents indicated they are taking all the necessary security precautions needed to protect their home networks, and yet 64 percent admitted to behaviors like sharing passwords with friends and family that open themselves up to attack.
No screen means more risk
What many people don’t realize is that connected devices can pose a security risk. Cyber criminals target them because many have little or no security protection and devices without screens can be more easily hacked without the consumer even knowing it.
83 percent of consumers would not be 100 percent confident they’d know if one of their non-screen devices – such as a wireless printer or security camera – had been hacked.
As COVID-19 lockdown measures were implemented in March-April 2020, consumer and business behavioral changes transformed the internet’s shape and how people use it virtually overnight. Many networks experienced a year’s worth of traffic growth (30-50%) in just a few weeks, Nokia reveals.
By September, traffic had stabilized at 20-30% above pre-pandemic levels, with further seasonal growth to come. From February to September, there was a 30% increase in video subscribers, a 23% increase in VPN end-points in the U.S., and a 40-50% increase in DDoS traffic.
Ready for COVID-19
In the decade prior to the pandemic, the internet had already seen massive and transformative changes – both in service provider networks and in the evolved internet architectures for cloud content delivery. Investment during this time meant the networks were in good shape and mostly ready for COVID-19 when it arrived.
Manish Gulyani, General Manager and Head of Nokia Deepfield, said: “Never has so much demand been put on the networks so suddenly, or so unpredictably. With networks providing the underlying connectivity fabric for business and society to function as we shelter-in-place, there is a greater need than ever for holistic, multi-dimensional insights across networks, services, applications and end users.”
The networks were made for this
While the networks held up during the biggest demand peaks, data from September 2020 indicates that traffic levels remain elevated even as lockdowns are eased; meaning, service providers will need to continue to engineer headroom into the networks for future eventualities.
Content delivery chains are evolving
Demand for streaming video, low-latency cloud gaming and video conferencing, and fast access to cloud applications and services, all placed unprecedented pressure on the internet service delivery chain.
Just as Content Delivery Networks (CDNs) grew in the past decade, it’s expected the same will happen with edge/far edge cloud in the next decade – bringing content and compute closer to end users.
Residential broadband networks have become critical infrastructure
With increased needs (upstream traffic was up more than 30%), accelerating rollout of new technologies – such as 5G and next-gen FTTH – will go a long way towards improving access and connectivity in rural, remote and underserved areas.
Better analytical insights enable service providers to keep innovating and delivering flawless service and loyalty-building customer experiences.
Deep insight into network traffic is essential
While the COVID-19 era may prove exceptional in many ways, the likelihood is that it has only accelerated trends in content consumption, production and delivery that were already underway.
Service providers must be able to have real-time, detailed network insights at their disposal – fully correlated with internet traffic insights – to get a holistic perspective on their network, services and consumption.
Security has never been more important
During the pandemic, DDoS traffic increased between 40-50%. As broadband connectivity is now largely an essential service, protecting network infrastructure and services becomes critical.
Agile and cost effective DDoS detection and automated mitigation are becoming paramount mechanisms to protect service provider infrastructures and services.
This year’s shift to a near 100% WFH workforce by the Global 5000 has significantly changed the behaviors of trusted insiders, a DTEX Systems report reveals.
Key findings include a 450% increase in employees circumventing security controls to intentionally mask online activities and 230% increase in behaviors that indicate intent to steal data.
The data was collected during interviews with hundreds of customers and Global 5000 organizations representing a diverse sample set of businesses that varied by size, industry, and geography.
“Our findings indicate that in 2020 the equilibrium of employee security and trust has been broadly disrupted and is currently in chaos,” said Mohan Koo, CTO at DTEX Systems.
“Trusted insiders once thought to be reliable and responsible are changing their behaviors and increasing the risk of data loss, external attack and regulatory compliance violations for their employers.”
56% of companies reported remote workers actively bypassed security controls to intentionally obfuscate online activity. This is more than 4.5 times higher than 2019 which represents a 450% increase in the first eight months of 2020.
- More than 70% of the escalated incidents visible to the security and HR teams included at least one attempt to circumvent a second security control to exfiltrate data without detection.
- Companies reported remote workers most commonly attempted to intentionally bypass the corporate VPN to mask their online activities.
72% of companies surveyed saw data theft attempts by a departing employee wanting to take protected IP with them or a new employee looking to inject IP from a previous employer. This represents an increase of 2.3 times, or 230%, over similar behaviors seen in 2019.
Over 40% of incidents proactively detected flight risk behavior as well as abnormal reconnaissance or data aggregation activities.
The growth in premeditated data theft attempts and intentional activity masking behaviors by employees strongly suggests that companies are facing a heightened risk of data loss as virtual employment models become the norm, furloughs are extended and reduction-in-force actions continue.
The findings in this report highlight the lack of adoption and ineffectiveness of network and endpoint cybersecurity, employee monitoring and data loss prevention tools and suggest that organizations need to prioritize the human-element and workforce behavior in relation to data, process and machines as a pillar of their next-generation security and IT technology strategies.
Nearly 90 percent of global organizations were targeted with BEC and spear phishing attacks in 2019, reflecting cybercriminals’ continued focus on compromising individual end users, a Proofpoint survey reveals.
Seventy-eight percent also reported that security awareness training activities resulted in measurable reductions in phishing susceptibility.
The report examines global data from nearly 50 million simulated phishing attacks sent by Proofpoint customers over a one-year period, along with third-party survey responses from more than 600 information security professionals in the U.S., Australia, France, Germany, Japan, Spain, and the UK.
The report also analyses the fundamental cybersecurity knowledge of more than 3,500 working adults who were surveyed across those same seven countries.
A people-centric approach is recommended
“Effective security awareness training must focus on the issues and behaviors that matter most to an organization’s mission,” said Joe Ferrara, senior vice president and general manager of Security Awareness Training for Proofpoint.
“We recommend taking a people-centric approach to cybersecurity by blending organization-wide awareness training initiatives with targeted, threat-driven education. The goal is to empower users to recognize and report attacks.”
End-user email reporting, a critical metric for gauging positive employee behavior, is also examined within this year’s report. The volume of reported messages jumped significantly year over year, with end users reporting more than nine million suspicious emails in 2019, an increase of 67 percent over 2018.
The increase is a positive sign for infosec teams, as there’s a trend toward more targeted, personalized attacks over bulk campaigns.
Users need to be increasingly vigilant in order to identify sophisticated phishing lures, and reporting mechanisms allow employees to alert infosec teams to potentially dangerous messages that evade perimeter defenses.
Phishing attacks in 2019: Key takeaways
More than half (55 percent) of surveyed organizations dealt with at least one successful phishing attack in 2019, and infosecurity professionals reported a high frequency of social engineering attempts across a range of methods.
88 percent of organizations worldwide reported spear-phishing attacks in 2019, 86 percent reported BEC attacks, 86 percent reported social media attacks, 84 percent reported SMS/text phishing (smishing), 83 percent reported voice phishing (vishing), and 81 percent reported malicious USB drops.
Sixty-five percent of surveyed infosec professionals said their organization experienced a ransomware infection in 2019; 33 percent opted to pay the ransom while 32 percent did not. Of those who negotiated with attackers, nine percent were hit with follow-up ransom demands, and 22 percent never got access to their data, even after paying a ransom.
Organizations are benefitting from consequence models. Globally, 63 percent of organizations take corrective action with users who repeatedly make mistakes related to phishing attacks. Most infosec respondents said that employee awareness improved following the implementation of a consequence model.
Many working adults fail to follow cybersecurity best practices. Forty-five percent admit to password reuse, more than 50 percent do not password-protect home networks, and 90 percent said they use employer-issued devices for personal activities. In addition, 32 percent of working adults were unfamiliar with VPN services.
Recognition of common cybersecurity terms is lacking among many users. In the global survey, working adults were asked to identify the definitions of the following cybersecurity terms: phishing (61 percent correct), ransomware (31 percent correct), smishing (30 percent correct), and vishing (25 percent correct).
These findings spotlight a knowledge gap among some users and a potential language barrier for security teams attempting to educate employees about these threats. It’s critical for organizations to communicate effectively with users and empower them to be a strong last line of defense.
Millennials continue to underperform other age groups in fundamental phishing and ransomware awareness, a caution that organizations should not assume younger workers have an innate understanding of cybersecurity threats. Millennials had the best recognition of only one term: smishing.