Research by the Swedish Security and Defence Industry Association (SOFF) shows that 94% of all cyberattacks currently aimed at the manufacturing industry are motivated by espionage, usually with the intent to steal trade secrets or sabotage plants, says network and applications security multinational F5 Networks major channel account manager Simon McCullough.
The nature and style of these attacks are not surprising, considering that manufacturing, along with public administration and educational services, tends to aggregate large volumes of attractive, highly sensitive data, he says.
“Hackers acting on behalf of nation-State powers are no longer just out to disrupt critical infrastructures, but are actively seeking trade secrets.”
The recently released Verizon ‘Data Breach Investigations Report’ shows a sharp uptick in nation-State attacks, up from 12% of all analysed breaches to 23% in the past year, while 25% of breaches are currently influenced by cyberespionage, up from 13%, he adds.
Further, the SOFF predicts that security researchers now spend 90% of their time looking into espionage-based targeted attacks. Ten years ago, they would spend a similar percentage of their time focusing on criminal campaigns.
“The financial impact associated with data breaches, regardless of their being espionage-based, is significant for organisations. The SOFF also adds that 90% of the impacts caused by a cyberattack tend to be hidden beyond the necessary mitigation, customer notification or legal action.”
Another alarming trend is that hackers acting on behalf of nation-States are increasingly carrying out zero-day attacks. Cybersecurity Ventures research predicts there will be one zero-day attack a day by 2021. Unfortunately, a zero-day attack is the first instance of a vulnerability being exploited, so, if adequate defences are not in place, organisations will have to contend with a long recovery operation.
Recent analysis from reporting organisation PhishMe found that phishing emails are responsible for 91% of cyberattacks.
“The number of State-sponsored attacks is only going to rise with the imminent impacts of trends like 5G and the Internet of Things. Cybercriminals are exploiting new emerging attack surfaces.”
However, McCullough says a range of new technologies – such as artificial intelligence (AI) solutions – is emerging to assist in the fightback.
AI solutions that can analyse traffic in real time to spot unusual behaviours and anomalies previously hidden are being developed. These types of AI are explicitly designed to understand how traffic is meant to function, automatically flagging problems as they occur.
There will always be a need to apply security at every level and on every surface, including endpoints, applications and infrastructure, he adds.
Further, applications require consistent, intelligent and adaptable policies wherever they reside, whether on-premises, in the cloud or in a multicloud environment.
Modern authentication techniques, such as the principle of least privilege and two-factor authentication, should become the norm. Organisations must constantly review and update security settings and tools, as well as run regular penetration tests to monitor and improve staff behaviour, advises McCullough.
“Organisations need to ensure that all staff are equipped with the tools they need to do their jobs safely, including for bring-your-own-device environments. “Pre-emption, prevention and continuous education are required to combat the threats ahead,” he concludes.