The new 2017 SANS Threat Landscape survey from the well-known research and education specialist finds that security professionals rate phishing (72 percent), spyware (50 percent), ransomware (49 percent), and Trojans (47 percent) as the top threats today. We strongly recommend you download the whole study and read it top to bottom. There is also an on-demand webcast you should watch.
From the new study (PDF) Executive Summary: "Endpoints—and the users behind them—are on the front lines of the battle: Together they represent the most significant entry points for attackers obtaining a toehold into the corporate network. Users are also the best detection tool organizations have against real threats."
We agree: having a Phish Alert button in the Outlook Ribbon helps detect phishing attacks much faster.
"Users and their endpoints are still in the cross hairs," says Lee Neely, SANS analyst, mentor instructor and author of the survey report. "Traditional and malware-less threats keep popping up at every corner, making our jobs as defenders resemble an ongoing game of Whack-a-Mole to keep them at bay."
Top Vectors
In the survey, 74% of the threats entered as an email attachment or link, 48% entered the browser via web-based drive-by or download, and 30% through application vulnerabilities on user endpoints.
Interestingly, few of the threats experienced are new zero-days, with 76 percent of security professionals admitting that less than 10 percent of the significant threats they saw were zero-day. "Today's threats predominately leverage the same old vulnerabilities and techniques," adds Neely. "The time is ripe to change our protections as well as remediation processes to stem the tide of successful threat vectors."
Improvements needed
"When asked what could be done to prevent threats from entering the organization, the message that came through was a call for needed human and tool improvements, both for end users and IT staff. In the survey, 67% told us users need training to be more aware, and 42% called out the need to improve operational practices, including patching, as illustrated in Figure 13. "
#1 Threat Response: "Train our users to be more aware"
The SANS threat response section is very thorough and covers all major areas that need attention and mitigation. We're highlighting one area here because it was the number one investment choice on the question: "In the next 18 months, in what area do you intend to make a major investment to protect, detect and respond to threats in your environment?" The graph is Figure 15 in the report.
One of the very valuable survey conclusions was: "Try as we might to improve the technical capabilities, 21% of respondents state their organizations are focusing on user education as their primary investment to protect their environment. It is time to take user training to the next level. User training has to be commensurate with the threats our adversaries are throwing at us. Measure that training effectiveness with an eye to user success, not achievement of absolute success."
We could not agree more, and again, we strongly recommend you download the whole study and read it top to bottom. There is also an on-demand webcast you should watch.