21 October 2020
Orange Cyberdefense, Europe’s largest managed security services provider, today announces the findings of its inaugural Security Navigator, which reveals a huge 23% decline in the number of recorded malware incidents in 2019, a year which also saw an increase in the total number of security events.
Security Navigator combines the unique perspective of Orange, as one of the world’s largest telecommunications operators, and Orange Cyberdefense, one of Europe’s leading security companies which, last year, analysed 263,109 events from data obtained from its 10 CyberSOCs and 16 SOCs. Out of these events, Orange Cyberdefense identified 11.17% as verified security incidents. This represents a 34.4% increase over the previous year’s rate of 8.31%. This is significant considering the total number of events grew by less than 3%.
One of the report’s key findings was a considerable decline in malware incidents. Of the events analysed, only 22% of incidents could be classified as malware-related in 2019, compared to 45% in the previous year. During the same period, application anomalies increased from 36% to 46% to claim the top spot as the most common incident cause in 2019.
“The findings don’t mean that malware is no longer a significant threat; far from it,” said Charl van der Walt, Head of Security Research at Orange Cyberdefense. “What it does suggest is that endpoint-centred prevention can significantly reduce the risk to businesses. What we see here is very likely the immediate result of investment in next-gen endpoint protection. While elaborate malware and APTs used in targeted attacks still do pose a serious threat, the skill level of the common cybercriminal simply does not match up-to-date endpoint protection anymore. And that is good news”.
The Security Navigator also revealed that malware-related incidents drop off during peak holiday periods in April, mid-July and early December, which indicates that cybercriminals are continuing to adopt a more professional nine-to-five-mentality.
“As odd as it seems, hackers do now appear to be taking regular holidays,” continued van der Walt. “This may explain the drop in April, when attacks slowed due to an early Easter holiday, as well as summer vacation and Christmas at the end of the year.”
Additional findings from the research include:
The full report with these findings and others is available here.