APAC’s public sector has been at greatest risk of advanced cyber-espionage attacks, according to a retrospective study.
In analyzing seven years’ worth of cyber-espionage data, the current conclusion is that such attacks occur more frequently in the Asia-Pacific region (42%) than in the Europe, Middle East and Africa (34%) and North America (23%) regions.
The most targeted industries for such attacks include the public sector (31%) followed by manufacturing (22%) and professional services (11%).
The grim results, according to John Grim, lead author of the Verizon Cyber-Espionage Report (CER), point to the fact that cybercrime comes in all shapes and sizes, but fighting and preventing it is of equal importance. “Defenses and detection and response plans should be tested regularly and optimized to confront cyber threats head-on. This is particularly important for cyber-espionage breaches, which typically involve advanced threats targeting specific data and operating in ways to avoid detection and deny cyberdefenders an effective response.”
According to the retrospective data, the top actors in cyber-espionage breaches have been state-affiliated (85%), nation-state actors (8%) and organized crime (4%). Data that is confidential, sensitive or business-critical is often most targeted in cyber-espionage breaches, as attackers seek out data that could impact national security, political positioning and economic competitive advantage.
The data, culled from incidents between 2014 and 2020, contains recommendations for organizations to improve their defenses and recover from cyber-espionage attacks:
- Conduct regular security awareness training
Employees are the first-line of defense. Social engineering, or phishing are common methods used by criminals to gain access into sensitive systems. It is crucial that employees undertake regular security awareness training.
- Strengthen boundary defenses
Effective boundary defenses (e.g., network segmentation) and stronger access management capabilities (e.g., access granted on a need-to-know basis) can mitigate cyber-espionage attacks.
- Consider managed cybersecurity services
Managed detection and response (MDR) services can identify indicators of compromise on the network and the endpoints. MDR includes security information and event management (SIEM) technologies; threat intelligence; user and entity behavior analytics (UEBA); and threat hunting capabilities, as well as integrations with endpoint detection and response (EDR), network detection and response (NDR), and deception technologies.
- Protect your data
Data leakage/loss prevention (DLP) features can flag sensitive data being snuck out the back door. Also, optimize cyberthreat intelligence for recognizing indicators of compromise; leveraging tactics, techniques and procedures; and implementing a strong incident response plan.