We are excited to announce the publication of our new Global Threat Intelligence Report (GTIR). The report is our most comprehensive one yet. Analysing content from NTT Group companies and data from our new Global Threat Intelligence Center, the GTIR highlights the latest phishing and ransomware attack trends, and the impact of today’s threats against global organisations.
Most cybersecurity reports are meant for security professionals. They are not intended for use by anyone without significant security knowledge and experience. But we have taken a different approach for this year’s GTIR. We want to provide a resource for educating everyone with security responsibilities, from security and IT professionals through to executives, management, and end users. In today’s environment, everyone has an important role to play in cybersecurity.
Findings from the new GTIR confirm that users are facing a significant set of problems. This, at the very least, includes managing their own security expectations and maximising their ability to protect both personal and organisational data.
For example, phishing attacks are constantly launched at every organisation and employee – meaning everyone should take responsibility for information security in the business. Our report reveals that, based on data from 1 October 2015 to 31 September 2016, phishing attacks were accountable for 73% of all malware delivered to organisations, with government (65%) and business & professional services (25%) as the industry sectors most likely to face such attacks at a global level.
Phishing is also widely used as a mechanism for distributing ransomware – a form of malware designed to hold data or devices hostage. In fact, 22% of incident response engagements were related to ransomware attacks, making it the single most common reason for an incident response engagement.
The typical impact of ransomware is not what businesses might expect. With an average pay out of about $700, ransoms are usually relatively low, but there are exceptions. In the best cases, organisations can safely restore from an uninfected backup. In the worst cases, they can pay ransoms of over $50,000 USD and not get their data restored, since there is no guarantee paying a ransom will result in decryption. Organisations actually face more costs due to their inability to provide service to their customers while the ransomware is in place along with the embarrassment if the attack becomes publicly known.
Phishing and ransomware are only a couple of the threats discussed in this year’s GTIR, which includes data from NTT Security’s monitoring services, as well as our global honeynet and incident response engagements. For more findings on the top threats, and how they should be handled by businesses, download our 2017 Global Threat Intelligence Report (GTIR) now: https://www.nttsecurity.com/GTIR2017
It makes interesting reading for everyone. However, our end goal is not to create fear, uncertainty and doubt or to overcomplicate the current state of the threat landscape. At NTT Security, we want to make cybersecurity interesting and inclusive for anyone facing the challenges of security attacks – not just security professionals. We want to ensure everyone is educated about these issues and understands that they have a personal responsibility when it comes to protecting their organisation, and that the organisation has an obligation to help them do so.