In the time it took me to write this sentence, approximately 20 networks were hit with a cyberattack. No, it did not take me very long to write that sentence—it’s just that, according to the 2013 threat report from FireEye, a cyberattack is happening every 1.5 seconds.
Or, at least, that’s what happened in 2013, the time period the report covered. That number could be more frequent now. After all, in FireEye’s 2012 Advanced Threat Report, companies experienced a malware attack "every three minutes."
Look at that time difference in the course of one year. We went from enterprise networks being subjected to an attack every three minutes to nearly every second. For those who think the high-profile attacks we’ve seen over the past few months are an anomaly, think again. Enterprise is under attack, pure and simple. As the bad guys become more sophisticated and create even trickier ways to sneak onto a network, next year’s FireEye report will declare numbers that seem unimaginable right now.
In an eSecurity Planet article, FireEye senior global threat analyst Dr. Kenneth Geers provided a little insight into what is going on:
Across the board, we are seeing a global expansion of APTs, malware, CnC [command and control] infrastructure, and the use of publically available tools to facilitate the attack process. The global scale of the threat has put cyber defenders in the very difficult position of not having any clue where the next attack will come from.
According to the report, FireEye researchers examined more than 100 unique attacks a day. Attacks against Java were most common, and they discovered an increase in zero-day attacks on Internet Explorer. The report added:
[W]e categorized nearly 5,000 unique attacks as APT-directed – or over 13 unique APT attacks per day. Moreover, these targeted attacks come in many different disguises, and from any point on the globe.
FireEye’s research shows just how vulnerable every company is, no matter its size or location. In the time it took me to write this whole blog post, numerous attacks have been attempted. And as you read this, one or more attacks may have been issued against your company’s network. Scary to consider, but it's time that we all take cybersecurity seriously.