In this, our first Nordics threat report, we find that cyberattack frequency is at unprecedented levels; 97% of security professionals said the volume of attacks they faced has increased. Attackers are employing a diverse range of tactics and techniques as they bid to extort, disrupt and infiltrate organisations.
The level of attack frequency revealed in this report shows that, however fast Nordics businesses may be adapting to the intensifying environment, the cyber threat landscape is evolving faster. 68% of security professionals say attacks have become more sophisticated, 22% of those say they have become significantly more advanced with 47% stating that attacks have become moderately or slightly more sophisticated.
68% of security professionals say attacks have become more sophisticated.
Island hopping was the top cause of breaches for Nordics organisations (27%) followed by 3rd party applications (17%). Clearly, the extended enterprise ecosystem is generating considerable security concerns. When delving deeper and looking individually at the three countries that comprise to make up the Nordics it is clear that island hopping is a particular issue for Sweden with 47% of respondents in that territory citing island hopping as the prime cause of breaches.
When delving deeper and looking individually at the three countries that comprise to make up the Nordics it is clear that island hopping is a particular issue for Sweden with 47% of respondents in that territory citing island hopping as the prime cause of breaches.
As public awareness, and regulatory fines have hit the headlines, so the impact of breaches has continued to rise, with a significant proportion of respondents reporting financial and reputational damage. In the Nordics it is food and beverage organisations most likely to suffer severe financial impact following a breach with 33% of respondents attesting to this. Again, when it came to reputational impact following a breach it was most keenly felt by food and beverage companies as 42% said they had suffered severe reputational impact following a breach.
When looking at the individual countries most impacted following a breach it was Finland who came out suffering the most severe financial impact (56%) and also severe reputational impact.
Island hopping was the top cause of breaches for Nordic organisations.
98% of our survey participants anticipated an increase in spend.
54% of respondents say they will need to increase security spending and controls.
The sudden global shift to homeworking due to COVID-19 has both increased cyberattack activity and exposed some key areas for security teams to address and learn from going forward. Our COVID-19 research has found that the predominant gaps identified in disaster recovery planning revolve around communication with external parties such as customers, prospects and suppliers, as well as challenges enabling the remote workforce and communicating with employees.
Google Drive™ (Cloud-based attacks) tops the table with over a quarter of respondents (26%) seeing it as the most frequent attack type. Process Hollowing (18%) is second, indicating a growing attacker focus on gaining undetected access to networks. Custom Malware (10%) also figures in the top 3.
Also appearing on the attack radar is island hopping, seen in 7% of incidents. While this figure may seem relatively low, these types of attacks are proving effective, as later analysis shows.
Government and local authority (35%) and manufacturing and engineering (34%) are most at mercy of Google Drive (Cloud-based attacks.) Whilst process hollowing is the biggest burden for media and entertainment (31%) organisations and food and beverage (24%) respondents.
Sweden is most at the mercy of Google Drive (Cloud-based attacks) with 46% of respondents citing this as the most frequent type of cyberattack. Norway is second with 18% respondents stating the same and Finland third 13%. Process hollowing is also the biggest burden to Sweden with 30% viewing this as the most frequent type of cyberattack faced.
Nearly half of global respondents surveyed reported very significant gaps around communication with their external parties.
91% of all global respondents stated that they had seen an increase in overall cyberattacks as a result of employees working from home.