One in five of global organizations rank cyber espionage as the most serious threat to their business, with a quarter (26 percent) struggling to keep up with the rapidly evolving threat landscape. That is according to research from Trend Micro Incorporated, a US-based cybersecurity firm. And one in five (20 percent) of US organisations have suffered a cyber espionage-related attack in the last year.
A survey of 2,402 enterprise IT decision makers across Europe and the US, shows cyber espionage topping the list of largest security concerns for 2017, followed by targeted attacks (17 percent) and phishing (16 percent). Businesses in Italy (36 percent), France (24 percent), Germany (20 percent) and Netherlands (17 percent) topped the list for regions who fear cyber espionage the most, which is notable in light of their respective elections taking place this year across Europe.
Raimund Genes, chief technology officer for Trend Micro, said: “The data shows fears over foreign government interference in democratic processes are now very real, as we saw with accusations over Russian involvement in the [United States 2016] presidential elections. As general elections occur around the world, we see cyber propaganda becoming the norm this year, and the repercussions will be felt within businesses as they struggle to protect themselves from potentially disastrous cyber breaches.”
Eight out of ten countries cited the increasing unpredictability of cyber criminals (36 percent overall) as one of the three biggest challenges to protecting against cyber threats. A further 29 percent flagged a lack of understanding of latest threats and a quarter (26 percent) are struggling to keep up with the rapidly evolving landscape and increasing sophistication of cybercriminal activity.
“As more of our critical data is being moved online, nation states are now targeting businesses to obtain this data and businesses are struggling to keep up, which could also be placing critical infrastructure at risk,” said Genes. “Nation states are able to use far more sophisticated methods, enabling them to target institutions such as hospitals, utilities and traffic signals, with far more disastrous consequences.”
According to the research, almost two-thirds (64 percent) of businesses experienced a ‘known’ major cyber-attack in the past 12 months, with the average being four. Amongst this group, ransomware was by far the most common threat type, with 78 percent of respondents claiming to have been attacked at least once in the period. In fact, only 16 percent of those who had experienced an attack had not suffered a ransomware attack.
In line with Trend Micro’s security predictions for 2017, just 10 percent of organisations think ransomware will pose a threat in 2017, despite a 748 percent increase in ransomware attacks in 2016, resulting in $1 billion in losses for enterprises worldwide. The number of ransomware families is predicted to grow by a further 25 percent in 2017, the IT security firm says, diversifying to devices such as mobile phones, IoT devices and Industrial IoT devices (IIoT).
Genes said: “As the Internet and the real world intersect, hackers are increasingly infiltrating critical systems and infrastructure. With the IIoT introducing risks to enterprises utilizing Industrial Control Systems, this has significant consequences. We saw this with the recent attack on Ukraine’s national grid leaving 225,000 homes without power, and research showing that traffic signalling systems are easily searchable online.”
Business Email Compromise (BEC) – also known as CEO fraud or “whaling” – was named as a threat by just 12 percent of respondents, indicating that businesses are underestimating the impact of these attacks. BEC scams are proving to be incredibly lucrative, resulting in an average of $140,000 in losses for global companies in 2016.
Genes said: “There’s no silver bullet for cyber security; these threats are constantly evolving. While many organizations will be wooed by exciting new security technologies, this Elastoplast approach means they will be quickly bypassed and become obsolete. The increasingly unpredictable tactics used by well-funded cybercriminals and the fast evolving threat landscape highlights the fundamental need for businesses to have a layered defense to greatly reduce the risk.”
About the survey
A survey of some 2,402 ITDMs in the UK, United States, France, Germany, Italy, Netherlands, Sweden, Norway, Austria and Switzerland was commissioned by Trend Micro and conducted by Opinium in February 2017.
