The Global Security Watch update for the end of August 2015 shows the escalation of successful incursions across the globe. The number of successful incursions are rising on a steep curve, with a myriad of factors driving those reports. One factor that cannot be ignored is the increasing watchfulness and detection capabilities that organizations are implementing. As the defensive capabilities increase, the rate of detection also grows and the numbers into the GSW reflect that change.
Another contribution to the growing numbers is a change in perception as to what constitutes an incursion. For many organizations, security problems were a matter of breach and violation. These are single occurrence incidences that can be easily counted and tracked, and so have been the mainstay metric for many years. However, the form of security incursions is not limited to single occurrence damage. Many of the incursions are actually "seeded" by the single occurrence attack, but are spawned in multiples to steal, destroy and mutate. Each of these incidences of damage are separate incursions and each has a separate cost impact.
The market as a whole has been slow to understand this pathology and to develop ways of counting the individual spawned attacks and the associated costs. As this change in conceptual framework permeates the security environment, a significant number of additional incursions will be counted. According to SIL data, the average ratio of attack spawn per seed is 11.3:1. This means that there are far more security incursion events than are being reported currently. For the unreported and unarticulated incursions, damage occurs that is not considered when looking at the effects of security failures. This category of cost is huge, dwarfing the single incident aggregation. The SIL GSW is slowly seeing an increase in reports that differentiate among the patterns of damage, which is feeding into the higher levels visible in the GSW summary for the month.
The final, major factor in the increasing GSW numbers is that the number of successful attacks is growing. More organizations are being hit. They are attacked more frequently and the attacks take a wider variety of forms and vectors. So the number of incursions grows in this dimension also.