Cybersecurity Report 18H2, our new periodic report on cybersecurity
Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just launched an own cybersecurity report, summarizing the most significant information from the second semester 2018. The report’s philosophy is providing a global, targeted and useful vision on the most relevant data and facts on cybersecurity. It is addressed to cybersecurity professionals and enthusiasts, in a simple and visually-appealing format. Let’s go over some of the data from this first edition, that will be continued and, without a doubt, further improved.
Nowadays there is a flood of information on cybersecurity. Nevertheless, it does not mean that this flood of information is correctly understood and analyzed, thus such information is not properly exploited to improve processes and be less vulnerable. Lack of information is as harmful as its excess. To be updated and inform people is not enough, but it is also necessary to analyze and be able to prioritize, learn what is important and why.
No matter if you are a cybersecurity professional or enthusiast, it is important that you can follow the rhythm of the relevant news on cybersecurity:
- What are the most relevant facts currently happening?
- What is the current outlook?
- How security problems, vulnerabilities and attacks are evolving?
It is necessary to summarize without losing depth. Given all the above, this report aims to summarize latest information on cybersecurity (ranging from security on mobile phones to cyber risk, from the most relevant news to the most technical ones and the most common vulnerabilities), while covering most aspects of the field, in order to help the readers to understand the risks of the current outlook.
This way, the readers will be provided with a tool to understand the state of cybersecurity from different approaches, so they will be able to find out its current state as well as to determine short-term trends. The information here presented is mostly based on the collection and synthesis of internal data that have been contrasted with public information from sources considered to be of quality. In the following lines you will find several important points extracted from the report.
The new security features of the last iOS version are focused on improving the user experience regarding passwords, specifically their better management and use. Over the second semester 2018, a total of 125 vulnerabilities for iOS were made public, 56% of them with a 7/10 severity or higher. Consequently, iOS gathers 1496 vulnerabilities from 2007. Over the same period, a total of 173 vulnerabilities for Android were made public, 18% of them with a 7/10 severity or higher. Consequently, iOS gathers 1950 vulnerabilities from 2009. 11% of iPhones execute an iOS earlier than 11. In case of Android, half of the current devices working with Android execute an unsupported version.
Around a third of the malicious applications detected were available on Google Play between 22 and 42 days. The total average (time malicious applications were published) is 47.45 days.
Most of the security problems detected from our clients are information leakages through sensitive files and metadata, as well as the poor implementation of HTTP headers aimed to protect from attacks.
A European company needs an average of almost 3 days to solve a malware threat. The fastest are insurance companies (they need less than 2 days), while the slowest are food production companies (more than 4 days). In Spain, entertainment industry needs up to 10 days to neutralize a malware threat. Gamarue and Conficker remain the most popular malware threats in Europe.