EMEA businesses 'under constant cyberattack'
Europe's financial institutions are being bombarded with cyberattacks
European businesses are facing more cyberattacks than ever before as criminals widen the reach of their assaults, new research has found.
A wide-ranging report by NTT Security discovered that financial firms are seeing a particular rise in the threats they face, accounting for 30 percent of all attacks recorded on the continent last year.
This was followed by the business and professional services sector (24 percent), technology (17 percent) and manufacturing (nine percent), with the finance industry also seeing a major increase in web atatcks, which grew from 22 percent to 43 percent.
- Best internet security suites of 2019
- What is GDPR? Everything you need to know
- Over 10 billion malware attacks detected in 2018
TechRadar Pro was invited to NTT Security's Security Operations Centre (SOC) in Gothenburg to get a first look at the company's 2019 Global Threat Intelligence Report (GTIR).
The 120-year-old company, which gets visibility over 40 percent of the world's entire internet traffic to examine trillions of data logs worldwide ever year, sifting through billions of attacks, comprised its report to see which sectors are most at risk of attack.
The 2019 GTIR found that 73 percent of all hostile activity falls into 4 categories - reconnaissance, web attacks, service-specific attacks and brute-force attacks.
"This doesn't really surprise us," says Rob Kraus, NTT Security's senior director, Global Threat Intelligence Centre, Operations, "we try to make sure we take all of these activities and notify them when it's really a problem."
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Transforming
As mentioned above, Finance remained top attacked sector, as it has for 6 of the past seven years, with Kraus noting that attackers often go where the money is. But it has now been joined by technology sector this year, with the quick pace of development in the industry, especially in the IoT space, helping widen the threat vector.
“Finance is yet again on the top spot when it comes to targeted attacks, which surely is enough evidence to convince the board that cybersecurity is a must-have investment," noted Kai Grunwitz, SVP NTT Security EMEA.
"Sadly, many financial organisations are moving forward with digital transformation but without security built-in. While legacy methods and tools are still quite effective at providing a solid foundation for mitigation, new attack methods are constantly being developed by malicious actors."
"Security leaders should ensure basic controls remain effective, but they must also embrace innovative solutions if they provide a good fit and true value."
The US was found to be the main source of attacks, accounting for 22 percent of the global share, followed by China (13 percent) and Japan (six percent) - with just ten countries making up two-thirds (66 percent) of all recorded attacks.
App and web assaults accounted for 32 percent of all attacks globally, with NTT Security noting that the increasing proliferation of web apps make them a very lucrative target.
“Some of the most prevalent activity in EMEA during the past year was related to web-application attacks – and it’s not surprising," Grunwitz added.
"These attacks most often rely on leveraging an exposed unpatched vulnerability or misconfigured system, targeting organisations with high volumes of sensitive data. The consequences could be devastating as it could be used for financial gain, industry superiority or corporate espionage. Our GTIR once again highlights the fact that critical vulnerabilities – both old and new – need to be patched as quickly as possible in client environments, especially given the convergence of IT with Operational Technology.”
Worryingly, the report suggests that despite the increasing number of threats, many businesses are still ill-prepared to cope with cyberattacks.
NTT Security found that less than half of companies (49 percent) had an incident response plan in place, despite this being a crucial part of GDPR. The company is calling for "security by design" best practices, and getting cybersecurity on the board agenda, otherwise your business could end up paying a significant price for its vulnerabilities.
- Best free security utilities from top antivirus companies
Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.