Supply chain the new weak link in business security as ransomware attacks increase according to Dimension Data
Source: OAK Consulting for Dimension Data , Author: Posted by BI-ME staff
Posted: Tue May 22, 2018 11:55 am

UAE. 2017 saw a worrying increase in ransomware and other cyberattacks targeting the supply chain, with the business and professional services sector receiving a significant increase of attacks, particularly in the EMEA region, which saw 20% of all attacks targeting this sector.

This is according to Dimension Data that published its Executive Guide to the NTT Security 2018 Global Threat Intelligence Report.

The businesses and professional services sector received 10% of global ransomware attacks, the third most targeted industry (up from sixth position in 2016), behind finance and technology. It also ranked third in the Americas (9%) and was the most vulnerable sector in EMEA, receiving 20% of all attacks.

As ransomware-related outsourced incident response engagements against financial institutions declined (a drop from 22% in 2016 to 5% last year), the business and professional services supply chain has clearly become a prime target for trade secrets and intellectual property theft, potentially exposing customer and business partner data.

Despite the drop in outsourced incident response engagements, the finance sector remains the number one target for cyber criminals who carry out regular reconnaissance to spot potential infrastructure and application vulnerabilities.

Mark Thomas, Dimension Data’s Group CTO for Cybersecurity said, “There are numerous moving parts to supply chains and outsourcing companies, which often run on disparate and out-dated network infrastructures, making them easy prey to cyber threat actors. Service providers and outsourcers are also a prime target, due to their trade secrets and intellectual property. Businesses need to wise-up to the very real threats against them, and ensure all aspects of their operations are robustly and securely protected.”

Technology was the second most cyber-attacked industry in 2017, with a 19% attack volume, with business and professional services moving to third place. Interestingly, attacks on the government sector last year dropped to 5% from 9% in 2016.

In 2017, there was a massive 350% rise in ransomware, representing 7% of all global malware attacks (up from 1% in 2016), and is set to continue due to the popularity of cyber adversary campaigns.

Other highlights in the NTT Security 2018 Global Threat Intelligence Report include:

• The technology and finance sectors account for 70% of all attacks in the Americas.  The US is a world leader in technology innovation while the finance sector collects and stores a vast amount of personal data which cyber criminals can monetise

• Education was the most attacked sector in Australia (26%). With an open network model and collaborative environments that enable connectivity and research between students, campuses, colleges, and universities, this is a valuable target.

• Attacks on the APAC manufacturing sector have dropped to a mere 7% (32% in 2016), because of the adoption of enhanced security governance and proactivity in raising cyber defenses.

“In Europe, Middle East & Africa (EMEA), ransomware accounted for nearly 30% of cyberattacks compared to the global average of 7%. EMEA was also the only region in which ransomware was the number one type of malware due to various cyberattack campaigns, including the WannaCry and NotPetya epidemic,” said Mechelle Buys Du Plessis, Managing Director – UAE, Dimension Data.

“New regulations, an alarming spike in ransomware attacks, and an uncertain geopolitical picture all contributed to unique cybersecurity challenges for the EMEA region over the last year. The business and professional services sector was the most targeted sector in EMEA, representing 20% of all attacks. This sector includes organisations such as service providers and outsourcers, making them a prime target for theft of trade secrets and intellectual property. If left unprotected, organisations may have their customer and partner data/credentials exposed. These can be used by cybercriminals to remotely access infrastructure, unimpeded,” Ms. Du Plessis concluded.

Click here to download Dimension Data’s Executive’s Guide to the NTT Security 2018 Global Threat Intelligence Report.

[1] sandbox:  software that executes suspicious code in a highly protected environment and examines its activities sandboxes
[2] honeynet and honeypot:  Honeypot: decoy systems set up to gather information about an attack or attacker and to potentially deflect that attack from a corporate environment. Honeynet: a network containing honeypot systems.

Twitter: https://twitter.com/DimensionData
LinkedIn: https://www.linkedin.com/company/dimension-data

Notes
Dimension Data’s Executive’s Guide to the NTT Security 2018 Global Threat Intelligence report is compiled from data collected by NTT Security and other NTT operating companies including Dimension Data, from the networks of 10,000 clients across five continents, 3.5 trillion security logs, 6.2 billion attempted attacks, and global ¹honeypots and ² sandboxes located in over 100 different countries.

Photo Captions:
1. (above)  Mechelle Buys Du Plessis, Managing Director - UAE, Dimension Data
2. (inset)    For illustrative purposes only (File photo)

About Dimension Data
Founded in 1983, Dimension Data is a USD 8 billion global leader in designing, optimising, and managing today’s evolving technology environments. This enables its clients to leverage data in a digital age, turn it into information, and extract insights.  Headquartered in Johannesburg, Dimension Data employs 28,000 people across 47 countries.

The company brings together the world’s best technology provided by market leaders and niche innovators with the service support that clients need for their businesses – from consulting, technical, and support services to a fully-managed service.  Dimension Data is a proud member of the NTT Group. 

Visit us at http://www2.dimensiondata.com

 

MIDDLE EAST BUSINESS COMMENT & ANALYSIS

date:Posted: September 24, 2018
INTERNATIONAL. Digital Transformation Barometer finds better security needed to harness the positive potential of AI and mitigate risks of malicious attacks.
date:Posted: September 21, 2018
UAE. Analysts to explore AI developments and influence on businesses at the Gartner Symposium/ITxpo 2019, March 4-6 in Dubai, United Arab Emirates.
date:Posted: September 20, 2018
UAE. Research from Aruba and Ponemon Institute shows security teams view Machine Learning and network visibility for users and IoT devices essential for battling stealthy threats inside IT infrastructures.
dhgate