Authors: Kristél Kriel, Nathan Schissel and Matthew Douglas, summer law student
In the constantly evolving digital landscape, the prevalence and sophistication of cyber threats, and subsequent attacks, continues to escalate. This has put more pressure on businesses to develop a proactive approach to safeguard their organizations’ assets against cyber threats.
IBM’s X-Force Threat Intelligence Index on 2022 statistics reveals the impacts of cyberattacks were felt throughout nearly all industries of the global economy.
The leading industries attacked include:
- Manufacturing (25%)
- Finance and insurance (19%)
- Professional, business and consumer (PBC) services (15%)
The Asia-Pacific was the most targeted region, finding itself subject to 31% of attacks, with Europe (28%) and North America (25%) not far behind.
Attacks on manufacturing industry
Players within the global manufacturing industry regularly found themselves in headlines for a variety of different cyberattacks and subsequent impacts.
Extortion was the leading impact of attacks which occurred in 32% of cases. Following extortion, data theft (19%) and data leaks (16%) were also felt throughout the industry. Backdoor implementation occurred in 28% of incidents and ransomware was used in 23%.
Attacks on the global finance and insurance industry
The global finance and insurance industry is relatively further along the digital transformation and cloud adoption process, making attacks more difficult. However, even with these protections, they still found themselves the runner up for the number of cyberattacks.
Of the attacks, 29% consisted of the implementation of a backdoor. Tied for the second most common objective were ransomware and maldocs, which each occurred in 11% of attacks. Of the gateways used to execute cyberattacks, spear phishing attachments were used 53% of the time, exploitation was utilized 18% of the time, and spear phishing links were used in 12% of attacks.
Attacks on PBC services industry
The PBC services industry was the third most targeted industry. Professional services include consultancies and management companies. Business services include IT and technology services, public relations, advertising and communications. Consumer services include home builders, real estate, arts, entertainment and recreation.
Ransomware and backdoors were both used in 18% of cyber-attacks on this industry. The leading gateways for executing the cyber-attacks were public-facing applications and external remote services which both occurred in 23% of attacks. Behind them, spear fishing attachments and valid local accounts were each used in 15% of attacks.
Attacks on energy industry in North America
The energy industry was the most prominently attacked industry in North America specifically, constituting 20% of cyberattacks; with the manufacturing (14%), retail-wholesale sector (14%) and the PBC services industry (12%) not far behind.
Consequences of these attacks included credential harvesting (25%), data leaks (17%), data theft (17%) and extortion (13%). The two leading infection vectors were public facing applications (35%) and spear phishing attachments (20%). The United States housed 80% of the total attacks in North America.
How your organization can avoid becoming a statistic
It is imperative organizations prioritize their cybersecurity to avoid falling victim to an attack.
Identifying the organization’s assets, including critical data, is the first step. More specifically, accurately identifying assets on the organization’s perimeter (i.e. most vulnerable assets).
Ensuring asset management programs encapsulate source code and credentials is a further step toward ensuring protection.
Identifying threat actors and actions most likely to target the organization, industry and geography are also vital to proper cybersecurity. This includes identifying the level of sophistication, which tactics, techniques and procedures are likely involved in an attack.
Most importantly, organization’s must ensure systems are in place to monitor the safeguards in place and the presence of an attack. An effective mechanism for achieving this is having an internal team deploy offensive testing to identify weaknesses in the current systems in place and making appropriate modifications.
Incident Response Plan (IRP)
Preparation is paramount minimizing the risk of a cyberattack. This includes having a consensus understanding of what to do when an attack occurs. This can be done by formalizing an IRP. The organization’s IRP should be regularly tried and tested to identify ways to modify and increase protections.
The leading Innovation, Data and Technology team at MLT Aikins would be happy to craft an IRP tailored to your organization, so when a cyberattack occurs, you can eliminate or minimize the subsequent loss.
Note: This article is of a general nature only and is not exhaustive of all possible legal rights or remedies. In addition, laws may change over time and should be interpreted only in the context of particular circumstances such that these materials are not intended to be relied upon or taken as legal advice or opinion. Readers should consult a legal professional for specific advice in any particular situation.