The 2020 Webroot Threat Report

The 2020 Webroot Threat Report

Discover what it takes to become Cyber Resilient.

A lot has changed in the last decade. One thing that hasn’t, the relentlessness with which hackers work to attack businesses, MSPs, and home users.

That’s why, each year Webroot analyse threat activity to discover new trends across malware, phishing, cryptojacking, and more in their annual Webroot® Threat Report.

The statistics, trends and insights in this 2020 Webroot Threat Report are based on massive amounts of data continuously and automatically captured by our advanced machine learning based architecture, the Webroot® Platform. This data—which comes from millions of real-world endpoints and sensors, specialised third-party databases, and end users protected by our technology partners—is then analysed and interpreted on a continuous basis by our advanced machine learning engines and Threat Research team.

The retrospectives, trends, and predictions in this report cover a broad range of threat activity include:

             Phishing URLs increased by 640%

             1 in 4 malicious URLs is hosted on an otherwise benign site

             New industries are reporting higher-than-average infection rates

Each of the aforementioned threats has wide reaching impacts across multiple industries, geographical regions, and user groups. In the Threat Report Webroot break it all down by the numbers, and also demonstrate how effectively employing end user awareness and training can mitigate risk of compromise. Finally, in the Predictions section, they’ll look at how our comprehensive, global view informs what to expect to see in the coming year.

Looking back at 2019 and the preceding years, the changes are clear. There has been a massive move to the cloud; evolving (and sometimes conflicting) user demands for privacy, security and convenience; the relentless innovation of cyber criminals; and an ever-expanding attack surface. In terms of protection efforts, the sheer volume and variation of attacks necessitate a  comprehensive, multi-layered approach.

It should start with people – educate them, train them to avoid risks and report suspicious incidents quickly and correctly, then introduce other defence layers to ensure that, if users do inadvertently click a bad link, they will be stopped.  If they try to visit a malicious IP address, there should be a layer of security in place to stop them from visiting it. If they attempt to visit a phishing site, yet another layer should be in place to protect them. If they should happen to run a malicious script, it should be prevented from executing. If they attempt to run a malicious program, or if an apparently benign application becomes malicious, this should be blocked.

If all other methods should fail, all critical data should be securely backed up as part of a complete protection and disaster recovery strategy.

Download the e-book to learn how to become cyber resilient:

Full Name *

Company *

Job Title *

Email *

Telephone Number