Tuesday 22, May 2018 by Jessica Combes

Supply chain the new weak link in business security

 

Cybercriminals are turning their attention to the supply chain as a new means to exploit business data 

2017 saw a worrying increase in ransomware and other cyberattacks targeting the supply chain. The business and professional services sector saw a significant increase in attacks, particularly in the EMEA region, where 20 per cent of all attacks targeted this sector. This is according to Dimension Data, which published its Executive Guide to the NTT Security 2018 Global Threat Intelligence Report.

The business and professional services sector received 10 per cent of global ransomware attacks, making it the third most targeted industry (up from sixth position in 2016), behind finance and technology. It also ranked third in the Americas (nine per cent) and was the most vulnerable sector in EMEA, receiving 20 per cent of all attacks.

As ransomware-related outsourced incident response engagements against financial institutions declined (a drop from 22 per cent in 2016 to five per cent last year), the business and professional services supply chain has clearly become a prime target for trade secrets and intellectual property theft, potentially exposing customer and business partner data. 

Despite the drop in outsourced incident response engagements, the finance sector remains the number one target for cyber criminals who carry out regular reconnaissance to spot potential infrastructure and application vulnerabilities. 

“There are numerous moving parts to supply chains and outsourcing companies, which often run on disparate and outdated network infrastructures, making them easy prey to cyber threat actors. Service providers and outsourcers are also a prime target, due to their trade secrets and intellectual property. Businesses need to wise up to the very real threats against them and ensure all aspects of their operations are robustly and securely protected,” said Mark Thomas, Dimension Data’s Group CTO for Cybersecurity.

Technology was the second most cyber-attacked industry in 2017, with a 19 per cent attack volume, while business and professional services moved to third place. Interestingly, attacks on the government sector last year dropped to five per cent from nine per cent in 2016.

In 2017, there was a massive 350 per cent rise in ransomware, which represented seven per cent of all global malware attacks (up from one per cent in 2016). The rise is set to continue due to the popularity of cyber adversary campaigns.

“In Europe, Middle East & Africa (EMEA), ransomware accounted for nearly 30 per cent of cyberattacks compared to the global average of seven per cent. EMEA was also the only region in which ransomware was the number one type of malware due to various cyberattack campaigns, including the WannaCry and NotPetya epidemic,” said Mechelle Buys Du Plessis, Managing Director – UAE, Dimension Data.

She added that new regulations, an alarming spike in ransomware attacks, and an uncertain geopolitical picture all contributed to unique cybersecurity challenges for the EMEA region over the last year. The business and professional services sector was the most targeted sector in EMEA, representing 20 per cent of all attacks. “This sector includes organisations such as service providers and outsourcers, making them a prime target for theft of trade secrets and intellectual property. If left unprotected, organisations may have their customer and partner data/credentials exposed. These can be used by cybercriminals to remotely access infrastructure, unimpeded.”
