Dell and Symantec reports paint worrying cyber security picture for the year ahead

Dell has published its yearly Threat Report, analysing the most common attacks of 2014 as well as emerging threats organisations should be actively protecting themselves against in 2015.

According to the results, point-of-sale (POS) malware, malware traffic in encrypted (HTTPS) web protocols and attacks on supervisory control and data acquisition (SCADA) systems were among the biggest problems facing business cyber security in 2014, increasing significantly from the previous year.

Patrick Sweeney, executive director at Dell Security, said: "Everyone knows the threats are real and the consequences are dire, so we can no longer blame lack of awareness for the attacks that succeed. Hacks and attacks continue to occur, not because companies aren't taking security measures, but because they aren't taking the right ones."

POS systems were hit hard in 2014, with many prominent names affected by fraud and identity theft involving their customers. According to the report, POS malware has actually evolved over the last year, with Sweeney commenting:

"Malware targeting point-of-sale systems is evolving drastically, and new trends like memory scraping and the use of encryption to avoid detection from firewalls are on the rise. To guard against the rising tide of breaches, retailers should implement more stringent training and firewall policies, as well as re-examine their data policies with partners and suppliers."

Symantec's Internet Security Threat Report, also released this week, has painted a similarly gloomy picture of the ability of businesses to tackle incoming threats versus the increasing sophistication of malware.

"Attackers don't need to break down the door to a company's network when the keys are readily available," Kevin Haley, director of Symantec Security Response, said. "We're seeing attackers trick companies into infecting themselves by Trojanising software updates to common programs and patiently waiting for their targets to download them, giving attackers unfettered access to the corporate network."

Worrying results indicated that companies are still taking an average of 59 days to create and distribute security patches, with hackers taking advantage of this gap in cases such as Heartbleed.

Not all threats are being delivered in new and more sophisticated ways, as email is still a huge avenue for cyber criminals, with social media scams coming in just behind.

"Cybercriminals are inherently lazy," Haley added. "They prefer automated tools and the help of unwitting consumers to do their dirty work. Last year, 70 per cent of social media scams were shared manually, as attackers took advantage of people's willingness to trust content shared by their friends."

Ransomware attacks rose by 113 per cent during the last year, with 45 times more victims of these aggressive attacks than in 2013.

Matt White, senior manager in KPMG's cyber security practice, commented: "Whilst technology based solutions still play a vital part of security, in order to begin 'winning the war' we need to look at more basic strategies.

"Locking down who has access to what in a company's systems (so that people only have the access they need to do their jobs) is a relatively straightforward way to reduce vulnerabilities and risk, yet time and time again we see the fundamentals not being applied. Until we start getting the basics right we won't get ahead of the cyber criminals."

In order to tackle the increase in some security risks, Dell predicts that organisations will begin to use two-factor authentication as part of their policies, and that Android will continue to be targeted aggressively by malware writers, specifically targeting apps, banks and certain user demographics.

In addition, as wearable technology starts to take root, malware will react accordingly and begin to target our smartwatches and headsets. Electric vehicles will also be under more threat.

In general, there is a pervading fear that cybercriminals are one step ahead of organisations hoping to stay secure, leading to threats infiltrating businesses before they can conceivably protect themselves.

Caroline Preece
