Lockheed Martin Cyber Kill Chain® Prominent Component of NTT Group’s 2016 Global Threat Intelligence Report
This year’s Global Threat Intelligence Report (GTIR) provides organizations the data needed to disrupt attacks. Solutionary, an NTT Group company, partnered with Lockheed Martin on their 5th annual GTIR. 2016 is the first year the report included partners with the goal of an expanded view of the threat landscape, and more analysis of attacks, threats and trends from last year. The 2016 GTIR includes information from 24 security operations centers, seven R&D centers, 3.5 trillion logs, 6.2 billion attacks, and 8,000 security clients across 6 continents.
The report uses last year’s attack information and the Lockheed Martin Cyber Kill Chain to highlight practical application of the Cyber Kill Chain and explain a comprehensive strategy to enable effective security across the entire organization.
2015 Trends Inform 2016 Strategies:
|Trend data from incident response activities supported over the last 3 years illustrates, on average, only 23 percent of organizations are capable of responding effectively to a cyber incident. 77 percent have no capability to respond to critical incidents and often purchase incident response support services after an incident has occurred.|
|Spear phishing attacks accounted for approximately 17 percent of incident response activities supported in 2015. Spear phishing rose dramatically from less than two percent of incident response engagements in 2014.|
|Command and Control (C2) activity for clients required to comply with PCI was just over half the C2 activity of non-PCI clients. Clients who were required to be PCI compliant tended to observe 57 percent less C2 traffic than clients without PCI requirements.|
|Malware and DDoS related attacks required less incident response support compared to previous years. Malware-specific response activities were down approximately 33 percent and DDoS was down 12 percent. We observe DDoS activity is down overall, not only in incident response, but also based on observations derived from log and event monitoring.|
The 2016 GTIR provides organizations with the information necessary for resiliency and survivability in the face of an attack. The report illustrates how you can advance your security posture by applying the Cyber Kill Chain across your organization. By using the Cyber Kill Chain, your organization will better understand what the attackers are doing, and what you can do to disrupt the attack.
What you will find in the report?