The Netherlands cyber threat landscape is escalating. In this, our first Netherlands threat report, we find that attack frequency and sophistication are at an unprecedented level; 96% of security professionals said the volume of attacks they faced has increased. Attackers are employing a more diverse range of tactics and techniques than ever before as they bid to extort, disrupt and infiltrate organisations.
The considerable attack frequency and sophistication revealed in this report shows that, however fast Netherlands businesses may be adapting to the intensifying environment, the cyber threat landscape is evolving faster. 90% of security professionals say attacks have become more sophisticated, 46% of those say they have become either moderately or significantly more advanced.
90% of security professionals say attacks have become more sophisticated.
Visibility and validation of security posture can be significantly enhanced by the application of the MITRE ATT&CK® framework and it seems organisations in the Netherlands appreciate the relevance and value of this approach. 83% are aware of it and 68.5% plan to use it to validate security posture. Of those that were surveyed about their views on the MITRE ATT&CK® framework, 13% said they were unaware of it but were keen to know more, demonstrating that this framework is well on its way to being the gold standard among enterprises.
Respondents are already operating an average of more than seven different consoles or agents to manage their security programme. This indicates a security environment that has evolved reactively as security tools have been bolted on to tackle emerging threats, not built-in. This has resulted in siloed, hard-to-manage environments that hand the advantage to attackers from the start. As the cyber threat landscape reaches saturation, it is time for rationalisation, strategic thinking and clarity over security deployment.
Custom and commodity malware are the most commonly seen attack types.
All but four of our survey participants anticipated an increase in spend.
54% say they need to increase spending on cybersecurity programmes.
The sudden global shift to homeworking due to COVID-19 has both increased cyberattack activity and exposed some key areas for security teams to address and learn from going forward. Our COVID-19 research has found that the predominant gaps identified in disaster recovery planning revolve around communication with external parties such as customers, prospects and suppliers, as well as challenges enabling the remote workforce and communicating with employees.
The highest increase in threat changes during COVID-19 was with COVID-19 related malware, which saw overall threat change increases of 92%, and 53% of these increases were in the 51 to over 100% categories. Second was IoT exposure, with 89% reported threat change increases and 21% of these were in the 51 to over 100% categories. In third place was phishing emails with 89% and 24.5% of these were in the 51 to over 100% categories. Spear phishing was also significantly high with 88% overall increases in threat changes and just under a quarter (23%) of these were also in the 51 to over 100% category.
Out of the four countries Italy had the highest overall COVID-19 related malware increase of 96% with a staggering 70% reporting increases in the 51% to over 100% categories. This was followed by the UK with 93% overall and 54% in the 51% to over 100% categories.
29% of global respondents recounted the inability to institute multi-factor authentication as the biggest threat to their company so far. In terms of how threats have changed during COVID-19, this was relatively high with 87% reporting overall threat change increases and 24% of the respondents reporting increases between 51 and more than 100%.
Nearly half of those surveyed reported very significant gaps in terms of the effectiveness of their disaster recovery planning around communication with their external parties.
91% of all global respondents stated that they had seen an increase in overall cyberattacks as a result of employees working from home.