Today’s Biggest Cyber Risks
When your organization handles sensitive data on a consistent basis, the looming threat of cyber risks is around every corner.
Although cyber threats aren’t going anywhere anytime soon, the good news is that resources like cyber threat intelligence metrics can help with analyzing risks and understanding which evolving threats are relevant to your industry and geography.
To help you meet the challenges of these tech-heavy times, we took a look at the 2021 X-Force Threat Intelligence Index, a report based on data collected from real attacks in the top industries.
The Key Findings
The X-Force Threat Intelligence Index 2021 report highlighted where threats were centered in 2020 and gave some insight into which threats should be given priority for current and future cybersecurity efforts.
Not only can understanding the attack landscape assist security teams in prioritizing resources, but it can also help with identifying the most likely scenarios and shifts in attacker techniques.
According to the findings presented, within the cyber threat landscape, the top three attack types are ransomware, data theft, and server access:
At the top of the list of cyber threats are ransomware attacks. Ransomware made up 23 percent of all incidents observed in 2020, up from 20 percent in 2019; cybercriminals are presumably attracted to ransomware and likely find it lucrative. The analysis from the report stated that ransomware-related data leaks made up 36 percent of public data breaches in 2020, and that ransomware was also the most common threat to Operational Technology (OT), making up 33 percent of all attacks on OT.
Threat actors carried out ransomware attacks predominantly by gaining access to victim environments via remote desktop protocol (RDP), phishing, or credential theft. However, ransomware actors have been finding greater success by expanding their attack chain. For instance, they have created ransomware-as-a-service (RaaS) cartels and outsourced key parts of their operations to cybercriminals who specialize in different aspects of an attack.
The Method Behind the Madness
According to the report, 59 percent of ransomware attacks used a double extortion strategy. Because organizations can opt to recover from backups and not pay the ransom, attackers have begun to shift tactics. No longer just encrypting data and rendering it impossible to access, attackers are also stealing and threatening to leak sensitive data if a ransom isn’t paid. Certain ransomware providers are even holding auctions on the dark web with the purpose of selling their victims’ stolen sensitive data.
The reputational loss due to sensitive data being leaked has the potential to cause significant damage to both organizations and customers alike. This can lead to a drop in credibility, lawsuits, and hefty regulatory fines – in addition to the already significant costs of recovery.
Data theft, in which an attacker takes sensitive victim data, accounted for 13 percent of attacks in 2020 according to the report. This was a significant increase from 5 percent in 2019 – a 160 percent increase to be exact.
The industry that took the worst hit of data theft attacks in 2020 was manufacturing, with the field experiencing 33 percent of all data theft incidents. Energy came in second at 21 percent of attacks, with finance and insurance tied for third place with both taking up 17 percent of all data theft attacks.
The third most common attack type in 2020 was server access, accounting for 10 percent of all attacks. In a server access attack, a threat actor gains unauthorized access to a victim’s server, either by using stolen server credentials, exploiting a vulnerability, or by other means.
Nearly 36 percent of the server access attacks observed in 2020 targeted the finance and insurance sector, with business services (14 percent), manufacturing (7 percent), and healthcare (7 percent) also being hit hard.
Overall, server access attacks saw an increase of 233 percent since 2019, according to the report.
Recommendations for Resilience
When it comes to recommendations for resilience against cyber threats, prevention and preparation are both key. Consider implementing the following tips if you haven’t done so already:
- Implement and practice a response plan for a ransomware attack: Planning for a ransomware attack — including a plan that addresses blended ransomware and data theft extortion techniques — and regularly exercising this plan can make all the difference in how your organization responds in a potential critical moment. A good way to do this is by building and training an incident response team within your organization.
- Safely store data backups offline: Backups can enable your organization to quickly and independently recover from a ransomware attack.
- Implement defense-in-depth: Use a multi-faceted approach, such as employing multi-factor authentication on every access point into a network. Ensuring endpoint visibility, proactive threat hunting, regular penetration tests to identify weak points in a network, and quick patching and mitigation of known vulnerabilities are all good practices.
- Get in front of the threat rather than react to it: Leverage threat intelligence solutions to monitor and analyze network traffic to reveal critical threats in real time on any device within your infrastructure.
- Double check your organization’s patch management structure: Harden your infrastructure and reinvigorate internal detections to find and stop automated exploitation attempts quickly and effectively.
- Protect against insider threats: Use data loss prevention (DLP) solutions, training, and monitoring to prevent inadvertent or malicious insiders from breaching and causing harm to your organization.
- Stress test your organization’s incident response plan to develop muscle memory: Tabletop exercises can provide your team with critical experience to reduce downtime, improve reaction time, and save money in the event of a breach.
- Implement multifactor authentication (MFA): Adding layers of protection to key accounts continues to be one of the most efficient security priorities for organizations.
- Have backups, test backups, and store backups offline: Ensuring the presence of backups and their level of effectiveness through real world testing makes a critical difference in the organization’s security — even more so with 2020 data showing a spike in ransomware activity.
- Use a secure managed file transfer (MFT) solution: MFT is a secure way to centralize, simplify, and automate your sensitive data movements. With an MFT solution in place you can improve security, simplify file transfers, and meet compliance requirements.
Get Ahead of a Data Breach
Get ahead of a data breach and develop a strategy to keep your data secure. The risk of cyber threats is going to continue to grow – let us help you effectively prepare by bolstering your security strategy with an MFT solution like GoAnywhere MFT.