The global cyber threat landscape has escalated. In this, our third Global Threat Report, we find that attack frequency has reached unprecedented levels; 90% of security professionals said the volume of attacks they faced has increased. Attackers are employing a more diverse range of tactics and techniques than ever before as they bid to extort, disrupt and infiltrate organizations.
The considerable leap in attack frequency and sustained increase in sophistication revealed in this iteration of the report shows that, however fast global businesses may be adapting to the intensifying environment, the cyber threat landscape is evolving faster. 80% of security professionals say attacks have become more sophisticated, 18% of those say they have become significantly more advanced.
80% of security professionals say attacks have become more sophisticated.
In addition to the general escalation in intensity, this report reveals a shift in the causes of successful breaches. OS vulnerability was the most common cause of breaches, at the root of 18% of compromises.
Third party application breaches were joint second on the list, leading to 13% of breaches. Island hopping, despite only featuring in 4.5% of attacks experienced, shared second place as the most common cause of breaches, at the root of 13%. Furthermore, 7% of breached businesses had been compromised via their supply chain. Clearly, the extended enterprise ecosystem is generating considerable security concerns.
At the other end of the scale, breaches from direct attacks through ransomware and phishing have dropped considerably. In October 2019, phishing caused 34% of breaches and ransomware accounted for 18%. This time they each accounted for only 6%. It appears that unsophisticated “spray and pray” tactics are being rejected in favour of accessing networks undetected and gaining persistence for longer term campaigns.
Security professionals worldwide are responding to the uptick in cyber threats by boosting cyber defense spending, more of them than ever before told us that they are expecting to increase their budgets. 96% plan a greater spend, up from 90% in October 2019 and 88% in February 2019.
Where that spend will be directed is an interesting question. Respondents told us unequivocally that threat hunting is paying dividends and increasingly being recognised for its value in identifying malicious actors already in the system, so it seems likely this investment will continue, but what of emerging risks?
In our October 2019 survey, 92% of respondents said they had security concerns around the implementation and management of digital transformation and 5G. But, when it comes to the crunch, opinion is split on the need for security spending. 46.5% say they will need to increase security spending and controls, while 48% won’t be focusing their budgetary increases on securing 5G.
96% of those surveyed plan to increase budgets.
46.5% say they need to increase security spend and controls around 5G.
The average number of different tools being used to manage cybersecurity programs is 8.91.
The sudden global shift to homeworking due to COVID-19 has both increased cyberattack activity and exposed some key areas for security teams to address and learn from going forward. Our COVID-19 research has found that the predominant gaps identified in disaster recovery planning revolve around communication with external parties such as customers, prospects and suppliers, as well as challenges enabling the remote workforce and communicating with employees.
Custom malware and Google Drive™ attacks (cloud-based attacks) top the table, both cited by 18% of respondents as the most frequently experienced.
The frequency of process hollowing attacks has more than trebled from 3% to 9.5% since October 2019, indicating a growing attacker focus on gaining undetected access to networks. Also appearing on the attack radar is island hopping, with 4.5% saying this is the most common attack type they have faced. While this figure may seem low, these types of attacks are proving effective, as later analysis shows.
Google Drive (cloud-based attacks) are disproportionately affecting manufacturing and engineering companies, with 34.5% of respondents in this sector saying they were the most frequently experienced attack type.
Financial services are at the mercy of custom malware with 45% saying this was the most frequently experienced attack type (compared with an average of 18%).
France suffered by far the highest frequency of Google Drive (cloud-based attacks) with 71% naming it most commonly experienced. Custom malware was a greater than average problem in the Netherlands (28% compared with an average or 18%)
Nearly half of respondents surveyed reported very significant gaps around communication with their external parties.
91% of all respondents stated that they had seen an increase in overall cyberattacks.