In this, our first Spanish threat report, we find that attack frequency and sophistication have reached unprecedented levels; 98% of security professionals said the volume of attacks they faced has increased. Attackers are employing a more diverse range of tactics and techniques than ever before as they bid to extort, disrupt and infiltrate organisations.
The considerable attack frequency and sophistication revealed in this report shows that, however fast Spanish businesses may be adapting to the intensifying environment, the cyber threat landscape is evolving faster. 86% of security professionals say attacks have become more sophisticated, 57% of those say they have become either moderately or significantly more advanced.
99% of Spanish respondents said they had suffered a data breach as a result of a cyberattack in the past 12 months.
Perhaps this is because they’re already supporting multiple security technologies. Respondents are already operating an average of more than nine different consoles or agents to manage their security programme. This indicates a security environment that has evolved reactively as security tools have been bolted on to tackle emerging threats, not built-in. This has resulted in siloed, hard-to-manage environments that hand the advantage to attackers from the start; evidence shows that attackers have the upper hand when security is not an intrinsic feature of the environment. As the cyber threat landscape reaches saturation, it is time for rationalisation, strategic thinking and clarity over security deployment.
Spanish security professionals are responding to the uptick in cyber threats by boosting cyber defence spending. All but one of our survey participants (99+%) anticipated an increase in spend.
Where that spend will be directed is an interesting question. A vast majority of respondents told us unequivocally that threat hunting is paying dividends and increasingly being recognised for its value in identifying malicious actors already in the system, so it seems likely this investment will continue, but what of emerging risks?
Google drive™ (cloud-based attacks) tops the table with 19%. Fileless attacks are next on 18%. Commodity Malware is third on 13% and Custom Malware fourth on 12%.
Island hopping is relatively low on the list on 2%, whilst Ransomware isn’t much higher at 4% indicating that the threat landscape may be changing as adversaries pivot away from previously popular attack vectors.
Manufacturing and engineering respondents appear to be at the mercy of Google Drive (cloud based) attacks with 29% saying this was the most frequently experienced attack (compared with an average of 19%). Media and entertainment respondents also more affected by Google Drive (cloud based) attack than average – 24%.
Financial services organisations reported the highest average number of breaches at 2.13, and 12.5% of these organisations had suffered five breaches. 12.5% of manufacturing and engineering respondents said they had been breached 3 times.
Almost one fifth of respondents said they had suffered severe reputational impact as a result of a breach.
72% of companies have between 5 and 10 different technologies deployed to manage their security programme.