Introduction

In this section:

AT&T has unparalleled visibility to cyberthreats

Executives need security insights and details to build best practices

Bottom line: Make cybersecurity everyone's responsibility, including the executives

AT&T aims to arm you with information and best practices for elevating security in your organization to a strategic business imperative. We have unparalleled visibility into the data traveling over our network because we analyze over 10 petabytes of traffic each and every day. We're in a unique position to provide information and suggest best practices to elevate strategic security decisions.

This report — the first in a series we are calling AT&T Cybersecurity Insights — focuses on the adversaries attacking from inside and outside your organization.

The Center for Strategic and International Studies put the cost of cyberattacks to the world economy at around $445 billion,4 or almost 1% of global income. Even at the low end of the range, that considerable figure is more than the national income of most nations and governments.5

Supporting a global network, we see increasing attacks against a variety of organizations. We have seen a 62% growth in DDoS attacks across our network in the last two years.6

We have also seen a dramatic 458% increase in Internet of Things (IoT) vulnerability scans against devices.7 A scan is an adversary looking for a weakness in your network defenses. The cost per security incident keeps rising. Organizations reporting financial hits of $20 million or more increased 92% over the number in 2013.8

Worldwide spending on information security was expected to reach $71.1 billion in 2014. Total information security spending is expected to grow 8.2% in 2015, reaching $76.9 billion.9

According to a recent survey,10 nearly half of large companies are re-evaluating their information security standards as a result of high-visibility data breaches.11 But that leaves 51% of large companies who are not. That indicates that many are lulled into a false sense of security or are willing to gamble that cyberattackers will overlook them in favor of richer targets.

IT and business leaders want insights into the motives and methods of specific attackers to better prepare their defenses. We organized this report around threat sources: outsiders, including organized criminal groups and nation-states with political goals, and insiders both malicious and unintentional. This report offers some ideas on how to leverage that new knowledge.

Know the terms:

IoT (Internet of Things)

Connection of everyday objects with embedded electronics, from smartwatches to pet collars to cars, across modern networks.

DDoS (Distributed Denial of Service)

An attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.