Dimension Data has revealed a record level of vulnerabilities in its Executive Guide to NTT Security’s 2019 Global Threat Intelligence Report, concerning the cybersecurity maturity of organizations across a number of markets and sectors.
Globally, the average cybersecurity maturity rating stands at a worrying 1.45 out of 5 – a score determined by an organization’s holistic approach to cybersecurity from a process, metrics and strategic perspective. This comes during a time when security vulnerabilities have also surged to a record high (up 12.5% from 2017).
The finance (1.71) and technology (1.66) sectors boast the highest maturity ratings and are continuing to ramp up their security posture, most likely prompted by their unenviable positions as the most commonly targeted industries, each accounting for 17% of all attacks recorded in 2018.
Globally, 35% of attacks originate from IP addresses within the US and China, followed by EMEA and APAC. Overall, there’s a significant gap between regions’ current state of cybermaturity versus where they want to be over the next 12–36 months. Ambitions outpace preparedness most noticeably in the Americas and Europe, both of which fall behind the global benchmark.
The report highlighted Europe’s financial sector as a particular concern. It’s current cybersecurity maturity level (1.21) falls well below the global average of 1.45. This region also experiences the highest volume of attacks against the financial services industry globally, and consequently needs increased vigilance in the year ahead.
Conversely, finance has a relatively strong cybermaturity posture in the Americas. The sector’s current maturity state (1.71) is above the global average (1.45). It also has strong cybermaturity ambitions compared to the average. However, the Americas’ technology sector’s maturity rating (1.35) lags the global maturity average (1.45), despite it being the most-targeted sector.
Scouring trillions of logs and billions of attacks, the research also revealed the most common attack types, with web attacks the most prevalent threat, doubling in frequency since 2017 and accounting for 32% of all attacks detected last year. Reconnaissance (16%) was the next most common hostile activity, closely followed by service-specific attacks (13%) and brute-force attacks (12%).
Cryptojacking, while still in its infancy, also caught many organizations off guard in 2018. According to a recent joint paper by the Cyber Threat Alliance (CTA), NTT Security, and other CTA members, cryptojacking detections increased by a staggering 459% between 2017 and 2018. Actions to guard against cryptojacking include applying least privilege controls, implementing egress and ingress filtering restrictions, implementing browser plugins to limit site functionality, denying Stratum protocol usage, and segmenting network environments.
Dimension Data’s Executive Guide said many vulnerabilities were discovered in older software and have been present for years. For instance, the GNU Bash vulnerability (also known as ‘Shellshock’) which was discovered in 2014 and affects most Unix, Linux, and Mac OS X platforms, continues to be one of the most commonly targeted vulnerabilities today. Some vulnerabilities were in processor chips and have the potential to shake up the entire computing world. Other, new, vulnerabilities this year were introduced through patches originally intended to resolve other vulnerabilities.
The report says the fightback against cybercrime is gathering momentum, and attracting board-level interest. Among the positive trends identified by the report is the fact that predictive threat intelligence is reaching new heights. In addition, organizations’ security investments are becoming more informed, targeted, and strategic, and cybermaturity benchmarking is gaining popularity.
While legacy cybersecurity tools can help cyber resilience, the report authors also recommend that organizations consider embracing automation and machine learning in cybersecurity applications, and embed security testing within the software development lifecycle. In addition, rather than devoting extensive resources to expand in-house security operations centers and extend security teams, the report suggests organizations engage with a trusted partner to deliver these capabilities as a managed security service.