Midmarket Threat Report: eSentire SOC Sees 4 Million Q1 Cyberattacks
eSentire, a managed detection and response (MDR) services provider, discovered 4 million cyberattacks via its security operations center (SOC) in the first quarter of 2017, according to the company’s “Q1 2017 Midmarket Threat Report.”
The report also indicated that cyberattacks affected organizations across a variety of industries, with finance, legal, mining, retail and technology seeing the most activity in Q1 2017.
The Q1 2017 Threat Report leveraged data gathered from more than 1,500 proprietary network and host-based detection sensors distributed across multiple industries, eSentire said.
Midmarket Cybersecurity Threat Report: Key Findings
In addition, the report highlighted several cyber threat trends, including:
- Intrusion attempts were the most prominent threat type in Q1 2017, followed by malicious code incidents. Moreover, intrusion attempts and information gathering accounted for roughly 75 percent of all observed attacks during the time frame.
- Scanning events increased in Q1 2017, and detections of scanning events in March nearly doubled year over year. As exploitation becomes more expensive for attackers, eSentire stated, social engineering tactics such as phishing, spam and web pages that manipulate users into installing malware or divulging confidential information may become more prevalent over the next few years.
- Malicious code volume in Q1 2017 peaked on weekdays, especially Tuesday and Thursday, while availability attacks and intrusion attempts showed no clear weekday preference.
Furthermore, the report showed cybersecurity standards in small companies are often cost-effective unless security tasks are outsourced to companies specializing in security, eSentire noted.
How to Minimize an Organization’s Threat Surface
eSentire offered the following recommendations to help cybersecurity administrators reduce an organization’s threat surface:
- Limit the number of externally facing endpoints within an organization, including printers and web pages, and ensure they are only used internally.
- Deploy a virtual private network (VPN) that requires a password for users to access a network.
- Implement device and program patches and updates regularly.
- Disable PowerShell on Windows machines and use nonstandard ports for protocols (FTP, SSH, RDP, etc.).
- Teach employees how to identify, avoid and report social engineering attacks.
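The following read-only audit script is an added example, not part of the eSentire report, that checks a single Windows host against three of the recommendations above: services such as FTP, SSH and RDP listening on their standard ports, the restrictions currently applied to PowerShell, and how recently patches were installed. The port list, the 30-day patch threshold and the choice of Constrained Language Mode as the "restricted" state are assumptions made for this example; the cmdlets used are standard Windows PowerShell cmdlets.

```powershell
# Added example (not from the eSentire report): read-only audit of one Windows host
# against the hardening recommendations above. Run from an elevated PowerShell prompt.

# Assumption: the protocols the report names, mapped to their standard ports.
$standardPorts = @{ 21 = 'FTP'; 22 = 'SSH'; 3389 = 'RDP' }

# 1. Services listening on standard ports and bound to a non-loopback address
#    (i.e. reachable from the network rather than only from the host itself).
$listeners = Get-NetTCPConnection -State Listen |
    Where-Object {
        $standardPorts.ContainsKey([int]$_.LocalPort) -and
        $_.LocalAddress -ne '127.0.0.1' -and
        $_.LocalAddress -ne '::1'
    }
foreach ($l in $listeners) {
    $svc = $standardPorts[[int]$l.LocalPort]
    Write-Output "FINDING: $svc listening on $($l.LocalAddress):$($l.LocalPort) (standard port, network-reachable)"
}

# 2. PowerShell restrictions: execution policy and language mode of this session.
#    Execution policy is not a security boundary; Constrained Language Mode
#    (enforced via AppLocker or WDAC) is what actually limits what scripts can do.
$policy = Get-ExecutionPolicy
$mode   = $ExecutionContext.SessionState.LanguageMode
Write-Output "PowerShell execution policy: $policy; language mode: $mode"
if ($mode -ne 'ConstrainedLanguage') {
    Write-Output "FINDING: PowerShell is running in $mode (assumed target state: ConstrainedLanguage)"
}

# 3. Patch recency: age of the most recently installed hotfix.
$latest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1
if ($latest) {
    $ageDays = (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days
    Write-Output "Latest hotfix $($latest.HotFixID) installed $ageDays days ago"
    # Assumption: 30 days is the threshold used for this example.
    if ($ageDays -gt 30) {
        Write-Output "FINDING: no hotfix installed in the last 30 days"
    }
} else {
    Write-Output "FINDING: no hotfix install dates recorded on this host"
}
```

The script only reports; it changes nothing on the host. Its output is a list of "FINDING" lines that an administrator can compare against the organization's own policy, for example deciding whether a network-reachable RDP listener is expected behind the VPN the report recommends or should be moved or closed.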
With these tips, cybersecurity administrators can help their organizations prepare for the rapidly evolving cyber threat landscape in the years to come, eSentire indicated in a prepared statement.