1,000 Threat Reports and Counting – Details of the CompTIA ISAO Cybersecurity Updates

CompTIA ISAO publishes on average more than two threat reports per day. These reports contain actionable information that can be used to assist members in avoiding, defeating, or recovering from a cyberattack. Here's what we have seen in the first 1,000 reports. The CompTIA ISAO released its 1,000th threat report earlier this month. These reports provide members with real-time intelligence and analysis, and help to increase cyber resilience across the entire IT industry. The timing seems perfect, considering October is Cybersecurity Awareness Month.
On August 19, 2020, the first threat report was issued by CompTIA ISAO. Since then, there has been a steady increase in the number of threat reports published each day. This July saw a peak with just over 11 threat reports per day. This makes sense, given the cyberattack on Kaseya that occurred over the July 4 holiday weekend. The next highest peak of activity was February 2021, which saw just under nine threat reports per hour. In October 2021 and September 2021, respectively, there were just over eight and six threat reports per day.
All of this confirms a well-known fact. Cyberattacks are on the rise, but so is the sharing of critical cyber threat intelligence, which is the raw data that informs our threat reports. CompTIA ISAO members have a greater understanding of the threat landscape and the threats that are immediate risks to their businesses and customers.
More threats, but more safety measures taken
Since the first report, we have received more than 71 threat alerts per month (more than two per hour). Although this may seem like a lot of information, thanks to our team, cyber analysts, and other contributors, these reports were designed to be easy to consume and act on. These reports contain actionable information that can help you prevent, defeat, or recover after an attack.
This is done by first categorizing threat reports into six buckets. Breaking New Reports are alerts that highlight active exploits and zero-day attacks, or known vulnerabilities that pose a high risk for successful attack. This is the most sensitive and urgent type of alert that CompTIA ISAO generates. It contains specific information about the threat and mitigation recommendations. These alerts are classified according to their severity: low, medium and high. They also carry a Traffic Light Protocol (TLP) designation, which governs the sharing of this information within your organization, with your customer or partner organizations, or with the wider constituent communities.
In addition to Breaking New Reports, we break down our reports into these categories: DHS Reports, which are issued by the United States Department of Homeland Security; Law Enforcement Reports, which can be federal, state or regional; Vendor Reports, which are shared by CompTIA ISAO vendor members; Weekly Reports, which are structured weekly overviews of the cyber threat landscape for that week; and Weekly Video Reports, which are 10-minute summaries of the most important threats reported during the week. CompTIA ISAO members can focus on what is most important while still having access to all of our analysts' reports, so they are always up to date on all threats facing their customers and member companies.
Big wins that keep members secure
Nearly 12% of the first 1,000 threat reports issued in 2000 by CompTIA ISAO had a high severity rating. 16% had a medium severity rating and 13.5% had a low severity rating. The remaining 59% were issued without a severity rating. In addition, 18% were TLP-Amber, 67% TLP-Green, 13% TLP-White, and none TLP-Red.
We have had some very impactful wins over the past 14 months for our members. First, on September 14, 2020, just one month after our initial report, we issued a threat report that highlighted active exploitation of CVE-2020-1472, also known as the Microsoft NetLogon vulnerability. This alert came to the CompTIA ISAO through our partnership with IT-ISAC 48 hours before other sources began to alert on and publicize the threat. After less than a month of active reporting, the CompTIA ISAO gave our members a 48-hour window to close the vulnerability and protect their customers and themselves. This threat report is part of the reason why we are proud that no CompTIA ISAO member was affected by this threat.
We also issued threat reports about the Kaseya attack in July, the PrintNightmare vulnerability, which was present throughout July and much of August, and the Microsoft MSHTML vulnerability in September.
We expect that the volume of threat reports will fluctuate in the future.
