Fortinet has released its Global Threat Landscape Report, and some key takeaways are here.
- Adversaries are leveraging the pandemic effectively, through phishing and business email compromise schemes, nation-state-backed campaigns, and deployment of ransomware.
- Threats are continuing to become more targeted, and web-based malware is the most common delivery mechanism.
- “Even though 2020 looks to be on pace to shatter the number of published vulnerabilities in a single year, vulnerabilities from this year also have the lowest rate of exploitation ever recorded in the 20-year history of the CVE List. Interestingly, vulnerabilities from 2018 claim the highest exploitation prevalence (65%), yet more than a quarter of firms registered attempts to exploit CVEs from 15 years earlier in 2004.”
Why do we care?
The release has recommendations for CISOs, which I won’t repeat, although I will focus on its reference to zero-trust network access.
Most networks are still being built on the “hard candy shell, soft nougat center” design. Security gets added on top of that squishiness. The opportunity is in changing that. Assume everything is untrusted. Assume it’s going to fail. Assume it’s going to be broken into.
Now implement. Now deliver systems.