Tech giant Dimension Data releases its findings on the cybersecurity maturity ranking of organisations world-wide this month. Its Executive Guide to NTT Security’s 2019 Global Threat Intelligence Report outlines which attacks are on the rise.
According to the 2019 Global Threat Intelligence Report the average cybersecurity maturity rating stands at 1.45 out of 5 globally; a score determined by an organisation’s holistic approach to cybersecurity from a process, metrics and strategic perspective. As of 2019, security vulnerabilities have surged to a record high (up 12.5% from 2017).
The finance (1.71) and technology (1.66) sectors boast the highest maturity ratings and are continuing to ramp up their security posture, given both sectors are the most commonly targeted industries, each accounting for 17% of all attacks recorded in 2018.
Scouring trillions of logs and billions of attacks, the research also revealed the most common attack types, with web attacks the most prevalent threat, doubling in frequency since 2017 and accounting for 32% of all attacks detected last year. Reconnaissance (16%) was the next most common hostile activity, closely followed by service-specific attacks (13%) and brute-force attacks (12%).
According to Dimension Data Solutions Director Cybersecurity APAC Neville Burdan says most C-suite executives understand the organizational risks that come with not having adequate cybersecurity defences.
“There’s clearly work to be done across all sectors in order to establish more robust security postures. However, it’s reassuring to see many C-suite leaders recognising the importance of making more strategic investments to improve their cybersecurity defences. There have been some exciting developments in the predictive threat intelligence space, with new levels of collaboration and buy-in across the cybersecurity value chain. What’s more, the most-targeted industries are also the most likely to seek assistance to evolve their strategies and build their security programmes. This bodes well for companies looking to reach their desired cybermaturity state,” says Burdan.
Some key findings from the report include:
Globally, 35% of attacks originate from IP addresses within the US and China, followed by EMEA and APAC.
‘Weaponisation’ of vulnerabilities is also on the rise, whereby cybercriminals exploit vulnerabilities to launch highly co-ordinated attacks against individuals, businesses, and specific groups by using a combination of technical and non-technical tools. In 2018, many vulnerabilities were discovered in older software that have been present for years. Others exist in common systems, utilities and applications, and application code libraries used to support daily operations.
Cryptojacking also represents a significant amount of hostile activity, at times accounting for more detections than all other malware combined, hitting the technology and education sectors hardest in 2018. According to the report, Cryptojacking is also is known as coin mining and cryptocurrency mining; which becomes illegal when someone use’s another person’s resources i.e. CPU power and energy, without permission, for their own financial benefit.
Credential theft is up as attackers target cloud credentials, with tech companies (36%), telcos (18%), and business and professional services (14%) significantly impacted by this.
While web-based attacks aren’t new, the report says there has been double YoY increase in cyberattacks in this area; accounting for 32% of all attacks detected during 2018. Web-based attacks target web-application and application-specific vulnerabilities in technologies frequently used by many businesses. The issue is compounded as more organisations migrate to the cloud.
Dimension Data is a USD 8 billion technology SP headquartered in Johannesburg. Dimension Data employs 28,000 people across 47 countries. To access the full report, click here.