Organisations continue to make the same security mistakes

Secureworks has published the findings of a research report which analysed more than a thousand incident response engagements throughout 2018. The incidents observed by Secureworks revealed that organisations are making the same fundamental security mistakes year on year - despite several high profile fines and data breaches in recent months. As a result, attackers are following a path of evolution rather than revolution, sticking with methods that they know will work.

  • 5 years ago Posted in
The research highlightes:
  • 85% of attacks monitored are financially motivated
  • 8% of incidents were from insider threats
  • Only 7% of attacks where government sponsored

In previous years, government-sponsored, criminal, and hacktivist groups each had a distinct way of operating. For example, government-sponsored actors often invested time and resources into developing their own malware to use in highly targeted attacks, whereas financially motivated criminals used indiscriminate and broader-scale tactics.

 

Secureworks also investigated popular attack methods. Business email fraud, ransomware, digital currency mining (also known as cryptomining), and banking trojan activities constituted over 60% of the total attack methods. When it came to the financially motivated attacks, 21% of these involved business email frauds.

 

Compared to previous years, ransomware attacks tended to be more serious in impact with threat actors increasingly trying to gain access to entire networks to deploy payloads across a large number of systems.

 

Government-sponsored actors continued to target organisations for various strategic objectives, but capability across groups continues to diverge. Many groups conduct entire intrusions using publicly available tools and techniques, whereas others adopt increasingly sophisticated approaches to gain access to systems.

 

Constantly changing IT environments, corporate priorities, and relationships with third parties continues to create cybersecurity challenges year after year. To reduce risk exposure, organizations should close the gaps they can control and make the company less of a target.

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...