20 percent of global organizations rank cyber espionage as the most serious threat to their business, with 26 percent struggling to keep up with the rapidly evolving threat landscape. In addition, one in five U.S. organizations have suffered a cyber espionage-related attack in the last year.
The Trend Micro research, which surveyed 2,402 enterprise IT decision makers across Europe and the U.S., shows cyber espionage topping the list of largest security concerns for 2017, followed by targeted attacks (17 percent) and phishing (16 percent).
Businesses in Italy (36 percent), France (24 percent), Germany (20 percent) and Netherlands (17 percent) topped the list for regions who fear cyber espionage the most, which is notable in light of their respective elections taking place this year across Europe.
“The data shows fears over foreign government interference in democratic processes are now very real, as we saw with accusations over Russian involvement in the U.S. presidential elections. As general elections occur around the world, we see cyber propaganda becoming the norm this year, and the repercussions will be felt within businesses as they struggle to protect themselves from potentially disastrous cyber breaches,” according to Raimund Genes, CTO for Trend Micro.
The unpredictability of cyber criminals
Eight out of 10 countries cited the increasing unpredictability of cyber criminals (36 percent overall) as one of the three biggest challenges to protecting against cyber threats. A further 29 percent flagged a lack of understanding of latest threats and a quarter (26 percent) are struggling to keep up with the rapidly evolving landscape and increasing sophistication of cybercriminal activity.
“As more of our critical data is being moved online, nation states are now targeting businesses to obtain this data and businesses are struggling to keep up, which could also be placing critical infrastructure at risk,” said Genes. “Nation states are able to use far more sophisticated methods, enabling them to target institutions such as hospitals, utilities and traffic signals, with far more disastrous consequences.”
The rise of ransomware
According to the research, almost two-thirds (64 percent) of businesses experienced a ‘known’ major cyber-attack in the past 12 months, with the average being four. Amongst this group, ransomware was by far the most common threat type, with 78 percent of respondents claiming to have been attacked at least once in the period. In fact, only 16 percent of those who had experienced an attack had not suffered a ransomware attack.
In line with Trend Micro’s security predictions for 2017, just 10 percent of organizations think ransomware will pose a threat in 2017, despite a 748 percent increase in ransomware attacks in 2016, resulting in $1 billion in losses for enterprises worldwide. The number of ransomware families is predicted to grow by a further 25 percent in 2017, diversifying to devices such as mobile phones, IoT devices and Industrial IoT devices (IIoT).
As the Internet and the real world intersect, hackers are increasingly infiltrating critical systems and infrastructure,” said Genes. “With the IIoT introducing risks to enterprises utilizing Industrial Control Systems, this has significant consequences. We saw this with the recent attack on Ukraine’s national grid leaving 225,000 homes without power, and research showing that traffic signalling systems are easily searchable online.”
No silver bullet
Business Email Compromise (BEC) – also known as CEO fraud or “whaling” – was pegged as a threat by just 12 percent of respondents, indicating that businesses are underestimating the impact of these attacks. BEC scams are proving to be incredibly lucrative, resulting in an average of $140,000 in losses for global companies in 2016.
“There’s no silver bullet for cyber security; these threats are constantly evolving,” stressed Genes. “While many organizations will be wooed by exciting new security technologies, this Elastoplast approach means they will be quickly bypassed and become obsolete. The increasingly unpredictable tactics used by well-funded cybercriminals and the fast evolving threat landscape highlights the fundamental need for businesses to have a layered defense to greatly reduce the risk.”