Cybercriminals Target the Supply Chain to Exploit Business Data
Last year, we saw an increase in the trend to target cyber attacks, including ransomware attacks, at the supply chain. At the receiving end of these attacks were many business and professional services, all of which witnessed a significant increase in the number of attacks. The EMEA region seemed to be targeted the most; 20 percent of all attacks targeted this sector. The Dimension Data Group, in its recently published Executive Guide to the NTT Security 2018 Global Threat Intelligence Report, discusses this in detail.
Of the global ransomware attacks, 10 percent targeted the business and professional services sector. To be noted is the fact that the sector thus became the third most targeted industry (it was in the sixth position in 2016). The sector, which received 20 percent of all cyber attacks, was also the most vulnerable sector in the EMEA region and ranked third in the Americas.
2017 also witnessed a drop in the number of ransomware-related outsourced incident response engagements against financial institutions; from 22% in 2016, it fell to 5%. Despite this drop, the finance industry continues to remain the top target for those hackers who look for potential infrastructure and app vulnerabilities. Cyber criminals who look for trade secrets and engage in intellectual property theft see the business and professional services supply chain as their prime target.
The second place, as regards the incidence of cyber attacks, is taken by the technology industry (19 percent) while the third place goes to the business and professional services sector. A notable thing is that cyber attacks on the government sector recorded a drop, from 9 percent in 2016 to 5 percent in 2017.
Ransomware attacks represented 7 percent of all global malware attacks in 2017; the figure was 1 percent in 2016. The rise, it needs to be said, is simply massive; it has been a 350% rise.
The South Africa-based Engineering News Online quotes Mark Thomas, CTO for Cybersecurity at the Dimension Data Group, as saying,“There are numerous moving parts to supply chains and outsourcing companies, which often run on disparate and out-dated network infrastructures, making them easy prey to cyber threat actors. Service providers and outsourcers are also a prime target, due to their trade secrets and intellectual property. Businesses need to wise-up to the very real threats against them, and ensure all aspects of their operations are robustly and securely protected.”
The Report also says that in the Americas, the technology sector and the finance sector together account for 70 percent of all cyber attacks. In Australia, the Education sector was attacked the most in 2017; 26 percent of all attacks were targeted at this industry. The report also says that for the APAC manufacturing sector, there has been a steep drop in the number of attacks (from 32% in 2016 to 7% in 2017). While on the global level ransomware attacks represented about 7% of all cyber attacks, for the EMEA region the figure was rather high. 30% of all cyber attacks there were ransomware attacks. The EMEA was the only region where ransomware topped among all malware strikes.