Trend Micro’s 2014 Security Roundup Highlights the Terrible Cost of Cyberattacks for Organisations

SINGAPORE, March 10, 2015 – Trend Micro Incorporated (TYO: 4704; TSE: 4704) today announced its 2014 Annual Security Roundup Report, titled “The High Cost of Complacency". Looking back at patterns in the year gone by, it is clear that the magnitude of financial and reputational damage as a result of cyberattacks will continue to increase, with the Sony data breach towards the tail-end of 2014 compromising 100 terabytes of data and inflicting up to $100 million in damages. Closer to home, more than 1,500 SingPass accounts were breached in June last year, possibly exposing users’ sensitive personal information. The cost of data breaches will only continue to grow as the value of sensitive data increases in this era of an information economy.

Additionally, Heartbleed and Shellshock proved that no application is invulnerable, with widely used software and platforms exploited to instigate attacks that rendered targets defenseless. The overall take away is this – organizations across the region can ill afford to be the least bit complacent as we head into 2015. As we enter into the Internet of Everything era, the growth of connected devices that intersect with enterprise networks as a result of the Bring-Your-Own-Device (BYOD) trend will expose organizations to even more vulnerabilities. The recent launch of the Apple watch is likely to greatly accelerate the adoption of wearables and their cross-over into the enterprise, further emphasizing the pressing need for getting security right.

The report findings also mean that organizations need to find the right people for the job of protecting their networks, while at the same time educating their entire staff about the importance of data security. The reality today is that cybercriminals are well organized, resourceful and agile, and are more than ready and able to exploit any security gaps or weak links – which is more often than not human error and complacency – to steal the most sensitive data – be it personally identifiable customer information or sensitive IP.

Report highlights include:

• New attacks showed that no application was invulnerable in 2014 as attackers branched out into new territory
• No threat is too small. It does not take a sophisticated piece of malware to cripple a target. Attackers can use a simple wiper to breach company’s defenses with devastating effects.
• PoS RAM scrapers are close to becoming a mainstream threat. In 2014, several high-profile targets lost millions of customer data to attackers month after month.
• Online and mobile banking will face bigger security challenges, while two-factor authentication is seemingly no longer enough to secure sensitive transactions
• Ransomware is becoming a bigger and more sophisticated threat across the APAC region, and unlike older variants no longer just issue empty threats but actually encrypt files.

These increase in the frequency of attacks over 2014 can be attributed to the increase in the quality of attacks, with cyber criminals adopting targeted attack techniques. New platforms and infection vectors such as social networking sites and mobile spam continue to be explored. Cyber attackers also turned to bulk creation of new domains for phishing sites (88.65% increase in the number of phishing sites in 2014) as compared to renewing them which was more cost-effective for them.

“The past year was unprecedented in terms of the size and scope of cyberattacks as evidenced by the incidents with Sony, JP Morgan, Target, and even the SingPass breach closer to home. Unfortunately, this will most likely be a ‘sneak peek’ of what is to come in 2015. The best response that organizations here can give is a combination of identifying what’s most important, deploying the right technologies, and educating users," said David Siah, Country Manager, Trend Micro Singapore. “It is everybody’s job – not just those of IT professionals – to ensure that the company’s core data stays safe."

Regional data from the report also indicates that for Singapore, hits to malicious sites hosted in Singapore have increased from Q3 (611K) to Q4 2014 (1.3M). The good news is that on the flipside, hits to malicious sites from Singapore-based users or endpoints have decreased in Q4 2014 (6.7M compared to 7M in Q3 2014), whilst malicious email queries (8.4M in Q3 2014 to 4.3M in Q4 2014) and malware detections (3M in Q3 2014 to 2.3M in Q4 2014) have similarly declined.

For the complete report, please visit report.

A blog post regarding the report can be viewed here.