Six months after the fact, Heartbleed continues to make news. Many websites are still vulnerable to the Heartbleed exploit and their stolen data has appeared in the online black market. Lists of vulnerable or unpatched websites have also appeared in the black market, and cybercriminals are taking aim.
These challenges were recently covered in McAfee’s latest Threats Report, which dives into the most dangerous cybersecurity trends on a quarterly basis. The report also found:
- Gameover Zeus Copy Cats: Despite the successful Operation Tovar that disrupted a worldwide botnet, copy cats are on the rise, with new variants of malware and ransomware based on Zeus code popping up.
- Malware Trends: McAfee Labs recorded 31 million new samples of malware this quarter – the most ever since measurements began.
- Phishing Scam Research: A recent quiz by McAfee showed that 80 percent of enterprise users fail to detect at least one of seven phishing emails. Phishing plays a major role in many high-profile breaches.
Countering the increasingly sophisticated cybersecurity threats to critical infrastructures, networks, intellectual property and privacy, such as these, requires strong cooperation between government, industry and NGO stakeholders. We believe this type of collaboration is necessary to improve cybersecurity in ways that promote innovation, protect citizens’ privacy and preserve the promise of the Internet as a driver of global economic development and social interaction.
That is why McAfee and Intel worked with other industry players, as well as NIST and other stakeholders, to develop a cybersecurity framework that is a model approach to solving these problems, not only here in the U.S. but around the world as well. It is a tool for companies to rate themselves on their cybersecurity posture; where they are, what’s in place and where they need to invest more. Implementing the framework will give the C-suite visibility into the risks their companies face. The framework is voluntary, ultimately letting companies decide for themselves what the acceptable risks are for their businesses and what they need to protect.
The NIST cybersecurity framework, if followed, can help shore up defenses to help companies address the types of challenges identified in our latest Threats Report. At a time when security is critical to providing the assurance that consumers and businesses need, the framework is an important tool to improve cybersecurity. It is also a great start toward raising awareness in critical infrastructure protection. The framework is not a panacea; however, it has the potential to be transformational.