NTT Ltd., a global technology services company, believes that being intelligent is associated with being data-driven, connected, digital and secure. As a global ICT provider, it recently produced the Global Threat Intelligence Report (GTIR), which provides a comprehensive view of the types of threats impacting global organizations, together with emerging trends across different industries and regions, including the Americas, APAC and EMEA.
Gairika Mitra gets into a candid conversation with Murtaza Bhatia, Head – Vertical Solutions, NTT Ltd. (India) to gain an insight into what kinds of threats are most prevalent in the tech space, and how to combat them.
Edited excerpts:
As per your Global Threat Intelligence Report, 55% of all attacks in 2019 were a combination of web-application and application-specific attacks, up from 32% the year before. Could you tell us a little more about this?
Application-specific attacks or web-application attacks were the most common attack type in 2019 for all five of the top attacked industries. These include technology, government, FSI, business and professional services and education. They were the two most common attack types in Japan, and application-specific attacks were the most common attack types in Singapore and Hong Kong.
Application-specific attacks target vulnerabilities in applications, including broken authentication and session management, non-secure direct object references, lack of encryption for data at rest and in transit, escalation of privileges and trojanized or unpatched third-party applications. Web attacks are attacks against services and applications that support a web presence, such as command injection, SQL injection, and cross-site scripting.
These top-five industries have been heavily targeted in previous years. Attacks against the web presence of organizations in these industries are common, as attackers attempt to either compromise public-facing applications, or compromise the underlying systems supporting web services.
How do you think technology has become the most attacked industry? Please share some statistics.
Technology experienced nearly a 70% jump in overall attack volume. This was led by significant jumps in both application-specific attacks and DDoS attacks. As in most industries, application-specific attacks focused on technologies supporting the industry’s web presence, most notably CMS systems and web technologies such as Microsoft’s IIS, Joomla! and ColdFusion.
Technology became the most attacked industry in 2019 for the first time, accounting for 25% of all attacks (up from 17% last year). The technology sector experienced the highest rate of ransomware attacks of any industry, making up 9% of all threat detections; no other industry showed detections for this malware category above 4%. Significant increases in application-specific and DoS/DDoS attacks, along with weaponization of IoT attacks, also contributed to technology becoming the most attacked industry.
The technology industry is often targeted as they maintain large amounts of sensitive data. They tend to function in a collaborative environment and are often pathways to other industries as they provide business enablement capabilities. Attackers wishing to gain a competitive advantage, or shrink a competitive disadvantage, often target these organizations to steal insider information such as technical secrets. This targeting includes establishing long-term access in the infrastructure of technology organizations, the identification of account details (systems, usernames, and passwords) and the subsequent exfiltration of sensitive internal data. Significant increases in application-specific and DoS/DDoS attacks, along with weaponization of IoT attacks against technology contributed to technology becoming the most attacked industry in 2019.
Which are the key sectors that have been the most vulnerable? By what percentage?
Technology became the most attacked industry in 2019 for the first time, accounting for 25% of all attacks (up from 17% last year). This was followed by the Government, in second position, driven largely by geo-political activity, accounting for 16% of threat activity. The finance sector was third, accounting for 15% of all activity. Business and professional services, at 12%, and Education, at 9%, completed the top five of the most vulnerable sectors in 2019.
The 2020 GTIR also calls last year the ‘year of enforcement’ as the number of Governance, Risk and Compliance (GRC) initiatives continues to grow, creating a more challenging global regulatory landscape. Several acts and laws now influence how organizations handle data and privacy, including the General Data Protection Regulation (GDPR), which has set a high standard for the rest of the world, and The California Consumer Privacy Act (CCPA) which recently came into effect. The report goes on to provide several recommendations to help navigate compliance complexity, including identifying acceptable risk levels, building cyber-resilience capabilities, and implementing solutions that are secure-by-design into an organization’s goals.
How can organisations better prepare themselves under such circumstances?
Constant pressures in the market, the spread of Coronavirus (COVID-19) and the need to deliver consistent, reliable services require much more than having the ability to recover from disruptions.
Organisations must implement infrastructure, applications, and operations which are secure by design and which include security as a key and conscious decision in the approach to designing business solutions end-to-end. Implemented properly, cyber-resilience brings together information security, business continuity, and organizational resilience, ensuring a secure-by-design approach. Security best practices must be considered and built into policies, procedures, infrastructure, and applications, as well as provide appropriate visibility into, and control over, these components, regardless of normal or adverse activity.
Integrating cybersecurity processes from the outset can strengthen digital transformation projects. Organizations must understand cyber threat actors have the advantage of time, robust tools, and the element of surprise. In assuming a breach, organizations will need to prepare, manage, respond, and recover to their desired state, and do so rapidly. To achieve this, some foundational concepts must be well planned and executed:
- Develop a cybersecurity strategy and ensure proper leadership support
- Use a common language of risk while aligning security with business objectives
- Establish the optimal security mindset and ensure all employees are aware they have a role in the success of the organization’s security program
- Identify and map risks to critical assets
- Design, build, and deploy solutions which are difficult to attack and are ‘secure by design’
- Secure the foundation and do not undervalue the foundations of security. Get the basics right first and build additional capabilities upon the strong foundation
- Implement appropriate security monitoring to reduce adversary dwell time
- Embrace the applied intelligence approach and ensure proactive defense and adaptive response capabilities are well architected and implemented
- Measure your security capabilities and adjust your priorities based on insight from reporting, metrics, and validation processes