EMEA businesses 'under constant cyberattack'

(Image credit: Shutterstock)
(Image credit: Shutterstock)

European businesses are facing more cyberattacks than ever before as criminals widen the reach of their assaults, new research has found.

A wide-ranging report by NTT Security discovered that financial firms are seeing a particular rise in the threats they face, accounting for 30 percent of all attacks recorded on the continent last year.

This was followed by the business and professional services sector (24 percent), technology (17 percent) and manufacturing (nine percent), with the finance industry also seeing a major increase in web atatcks, which grew from 22 percent to 43 percent.

TechRadar Pro was invited to NTT Security's Security Operations Centre (SOC) in Gothenburg to get a first look at the company's 2019 Global Threat Intelligence Report (GTIR).

The 120-year-old company, which gets visibility over 40 percent of the world's entire internet traffic to examine trillions of data logs worldwide ever year, sifting through billions of attacks, comprised its report to see which sectors are most at risk of attack.

The 2019 GTIR found that 73 percent of all hostile activity falls into 4 categories - reconnaissance, web attacks, service-specific attacks and brute-force attacks.

"This doesn't really surprise us," says Rob Kraus, NTT Security's senior director, Global Threat Intelligence Centre, Operations, "we try to make sure we take all of these activities and notify them when it's really a problem."

Transforming

As mentioned above, Finance remained top attacked sector, as it has for 6 of the past seven years, with Kraus noting that attackers often go where the money is. But it has now been joined by technology sector this year, with the quick pace of development in the industry, especially in the IoT space, helping widen the threat vector.

“Finance is yet again on the top spot when it comes to targeted attacks, which surely is enough evidence to convince the board that cybersecurity is a must-have investment," noted Kai Grunwitz, SVP NTT Security EMEA. 

"Sadly, many financial organisations are moving forward with digital transformation but without security built-in. While legacy methods and tools are still quite effective at providing a solid foundation for mitigation, new attack methods are constantly being developed by malicious actors."

"Security leaders should ensure basic controls remain effective, but they must also embrace innovative solutions if they provide a good fit and true value."

(Image credit: Image Credit: Geralt / Pixabay)

The US was found to be the main source of attacks, accounting for 22 percent of the global share, followed by China (13 percent) and Japan (six percent) - with just ten countries making up two-thirds (66 percent) of all recorded attacks.

App and web assaults accounted for 32 percent of all attacks globally, with NTT Security noting that the increasing proliferation of web apps make them a very lucrative target.

“Some of the most prevalent activity in EMEA during the past year was related to web-application attacks – and it’s not surprising," Grunwitz added. 

"These attacks most often rely on leveraging an exposed unpatched vulnerability or misconfigured system, targeting organisations with high volumes of sensitive data. The consequences could be devastating as it could be used for financial gain, industry superiority or corporate espionage. Our GTIR once again highlights the fact that critical vulnerabilities – both old and new – need to be patched as quickly as possible in client environments, especially given the convergence of IT with Operational Technology.”

Worryingly, the report suggests that despite the increasing number of threats, many businesses are still ill-prepared to cope with cyberattacks.

NTT Security found that less than half of companies (49 percent) had an incident response plan in place, despite this being a crucial part of GDPR. The company is calling for "security by design" best practices, and getting cybersecurity on the board agenda, otherwise your business could end up paying a significant price for its vulnerabilities.