The latest research from Trend Micro Incorporated has revealed that 20% of global organisations rank cyber espionage as the most serious threat to their business, with a quarter (26%) struggling to keep up with the rapidly evolving threat landscape.
In addition, one in five U.S. organisations have suffered a cyber espionage-related attack in the last year.
The research, which surveyed 2,402 enterprise IT decision makers across Europe and the U.S., shows cyber espionage topping the list of largest security concerns for 2017, followed by targeted attacks (17 %) and phishing (16%).
>See also: Cyber threat hunting: combatting the new face of espionage
Businesses in Italy (36%), France (24%), Germany (20%) and Netherlands (17%) topped the list for regions who fear cyber espionage the most, which is notable in light of their respective elections taking place this year across Europe.
Raimund Genes, chief technology officer for Trend Micro, said, “The data shows fears over foreign government interference in democratic processes are now very real, as we saw with accusations over Russian involvement in the U.S. presidential elections.”
“As general elections occur around the world, we see cyber propaganda becoming the norm this year, and the repercussions will be felt within businesses as they struggle to protect themselves from potentially disastrous cyber breaches.”
Eight out of ten countries cited the increasing unpredictability of cyber criminals (36% overall) as one of the three biggest challenges to protecting against cyber threats.
A further 29% flagged a lack of understanding of latest threats and a quarter (26%) are struggling to keep up with the rapidly evolving landscape and increasing sophistication of cybercriminal activity.
“As more of our critical data is being moved online, nation states are now targeting businesses to obtain this data and businesses are struggling to keep up, which could also be placing critical infrastructure at risk,” said Genes.
“Nation states are able to use far more sophisticated methods, enabling them to target institutions such as hospitals, utilities and traffic signals, with far more disastrous consequences.”
>See also: How common is insider misuse?
According to the research, almost two-thirds (64%) of businesses experienced a ‘known’ major cyber-attack in the past 12 months, with the average being four. Amongst this group, ransomware was by far the most common threat type, with 78% of respondents claiming to have been attacked at least once in the period.
In fact, only 16% of those who had experienced an attack had not suffered a ransomware attack.
In line with Trend Micro’s security predictions for 2017, just 10% of organisations think ransomware will pose a threat in 2017, despite a 748% increase in ransomware attacks in 2016, resulting in $1 billion in losses for enterprises worldwide.
The number of ransomware families is predicted to grow by a further 25% in 2017, diversifying to devices such as mobile phones, IoT devices and Industrial IoT devices (IIoT).
“As the internet and the real world intersect, hackers are increasingly infiltrating critical systems and infrastructure,” said Genes. “With the IIoT introducing risks to enterprises utilising industrial control systems, this has significant consequences. We saw this with the recent attack on Ukraine’s national grid leaving 225,000 homes without power, and research showing that traffic signalling systems are easily searchable online.”
Business email compromise (BEC) – also known as CEO fraud or “whaling” – was pegged as a threat by just 12% of respondents, indicating that businesses are underestimating the impact of these attacks. BEC scams are proving to be incredibly lucrative, resulting in an average of $140,000 in losses for global companies in 2016.
>See also: Inside the mind of a state-sponsored hacker
“There’s no silver bullet for cyber security; these threats are constantly evolving,” stressed Genes. “While many organisations will be wooed by exciting new security technologies, this Elastoplast approach means they will be quickly bypassed and become obsolete. The increasingly unpredictable tactics used by well-funded cybercriminals and the fast evolving threat landscape highlights the fundamental need for businesses to have a layered defense to greatly reduce the risk.”
As enterprises defend against the more than 500,000 new, unique threats created every day, Trend Micro recommends that organisations consider a connected multi-layered security approach that centralises visibility into and control over endpoint, network, web, email, cloud and physical and hybrid cloud servers to speed up time to protect, detect and respond.
This should include smart capabilities that provide maximum protection such as intrusion prevention, behavioural analysis, exploit prevention, application control, anti-malware and content filtering, integrity monitoring, response and containment, machine learning and sandbox analysis. IT leaders should prioritise solutions that are optimised to work across a variety of environments to minimise the impact on IT.