77 percent of companies don't have the capability to respond to cyber attacks

Only 23 percent of organizations are capable of responding effectively to a cyber incident. This leaves the remaining 77 percent often having to purchase support services after an incident has occurred.

This is among the findings of the latest Global Threat Intelligence Report from security company Solutionary. The report is made up of information from 24 security operations centers, seven R&D centers, 3.5 trillion logs, 6.2 billion attacks and nearly 8,000 security clients across six continents.

Among other findings are that spear phishing attacks accounted for approximately 17 percent of incident response activities supported in 2015. In many cases, these attacks targeted executives and finance personnel with the intent of tricking them into paying fraudulent invoices.

The retail sector experienced the most attacks per client, followed by the hospitality, leisure and entertainment sector, then insurance, government and manufacturing. While the finance sector showed the highest volume of attacks overall, on a per-client basis, retail clients experienced 2.7 times the number of attacks as finance.

The report also observes an 18 percent rise in malware detected for every industry other than education. Clients from the education sector tended to focus less on the more volatile student and guest networks, but malware for almost every other sector increased.

When looking at types of attack, the report shows almost 21 percent of vulnerabilities detected in client networks were more than three years years old. These included vulnerabilities from as far back as 1999, making them a startling 16 years or more old. DoS/DDoS attack volume fell by 39 percent from levels observed in 2014. Implementation of better mitigation tools, along with fewer attacks, combined for a drop in detections of DoS and DDoS activities. However, extortion based on the victim's paying to avoid or stop DDoS attacks became more common.

All of the top 10 vulnerabilities targeted by exploit kits during 2015 are related to Adobe Flash. This compares to 2013 when the top 10 vulnerabilities targeted by exploit kits included one Flash and eight Java vulnerabilities. New Java vulnerabilities have dropped steadily since 2013 while the number of publicized Flash vulnerabilities jumped by almost 312 percent over 2014 levels.

For more information on the findings you can download the full report from the Solutionary website.

Photo Credit: Vlue/Shutterstock