The latest Verizon Cyber-Espionage Report (CER) released by the Verizon Threat Research Advisory Center (VTRAC) reveals that more cyber-espionage breaches occur in Asia-Pacific (42%) compared to Europe, Middle East and Africa (34%) and North America (23%).
The most targeted industries for attacks include the public sector (31%), followed by manufacturing (22%) and professional services (11%). The top actors in cyber-espionage breaches are state-affiliated (85%), nation-state actors (8%) and organized crime (4%).
The CER found that data that is confidential, sensitive or business-critical is often most targeted in cyber-espionage breaches, as attackers seek out data that could impact national security, political positioning and economic competitive advantage.
Recommendations:
- Regular security awareness training – Employees are the first line of defence. Social engineering, or phishing, is a common method cyberspies use to gain access into sensitive systems. It is crucial that employees undertake regular security awareness training.
- Strengthen boundary defences – Effective boundary defences (e.g. network segmentation) and stronger access management capabilities (e.g. access granted on a need-to-know basis) can mitigate cyber-espionage attacks.
- Managed detection and response (MDR) – A robust MDR offering can identify indicators of compromise on the network and the endpoints. Essential components of MDR include security information and event management (SIEM) technologies; threat intelligence; user and entity behaviour analytics (UEBA); and threat hunting capabilities, as well as integrations with endpoint detection and response (EDR), network detection and response (NDR), and deception technologies.
- Data leakage/loss prevention (DLP) – Can flag sensitive data being snuck out the back door.
- Optimizing cyber threat intelligence – Recognizing indicators of compromise; leveraging tactics, techniques and procedures; and implementing a strong incident response plan are also important strategies for combating cyber-espionage.
John Grim, lead author of the Verizon Cyber-Espionage Report suggested that defences and detection and response plans should be tested regularly and optimized to confront cyber threats head-on.
“This is particularly important for Cyber-Espionage breaches, which typically involve advanced threats targeting specific data and operating in ways to avoid detection and deny cyber defenders effective response,” he concluded.
