Posts Tagged :

NTT Security

Half of all phishing attacks originate from EMEA

960 719 Stuart O'Brien

A report published by NTT Security has revealed that over half (53%) of the world’s phishing attacks originated from Europe, the Middle East and Africa (EMEA).

The Global Threat Intelligence Report (GTIR) analysed global threat trends from 1st October 2015 – 31st September 2016 and showed that of all phishing attacks worldwide, 38% came from the Netherlands, second only to the US (41%).

The data also revealed that nearly three-quarters (73%) of all malware globally was delivered to its victims because of a phishing attack.

The report highlights the latest ransomware, phishing and DDoS attack tends and the impact of these threats against organisations, with the UK the third most common source of attacks against EMEA, behind the US at 26% and France 11%.

In terms of top attack source countries, the US accounted for 63% with the UK following at 4% and China 3%.

Some of the biggest regional differences related to brute force attacks, which are commonly used to crack passwords. Of all brute force attacks globally, 45 per cent started in EMEA – more than the Americas (20 per cent) and Asia (7 per cent) combined. In addition, 45 per cent of brute force attacks that targeted EMEA customers also started in the region.

Dave Polton, Global Director of Innovation at NTT Security, is calling for more active collaboration between business, government and law enforcement agencies to tackle global threats and to ensure measures are in place that will have a long-lasting impact on global security.

“While phishing attacks affected organisations everywhere, EMEA unfortunately emerged as the top region for the source of these attacks,” said Polton. “These figures, combined with those for brute force attacks, should be of very serious concern for any organisation doing business in EMEA, especially with the EU General Data Protection Regulation (GDPR) just around the corner.

“Any organisation processing data belonging to EU citizens need to demonstrate that their information security strategy is robust.”

Other key EMEA figures:

In EMEA, over half (54%) of all attacks were targeted at just three industry sectors – Finance (20%), Manufacturing (17%) and Retail (17%)

Over 67% of malware detected within EMEA was some form of Trojan

Top services used in attacks against EMEA – File shares (45%), Websites (32%) and Remote administration (17%)

Frank Brandenburg, COO and Regional CEO, NTT Security, concludes: “We all know that no security plan is guaranteed, and there will always be some level of exposure, but defining an acceptable level of risk is important. Clients are starting to understand that by default every employee is part of their organisation’s security team, and businesses are now seeing the value in security awareness training, knowing that educating the end user is directly connected to securing their enterprise.

“Expanding cyber education and ensuring employees adhere to a common methodology, set of practices, and mind set are key elements. Clients see that assisting and coaching their employees (end users) on the proper usage of technology will only enhance the organisation’s overall security presence.”

www.nttsecurity.com

Industry Spotlight: The NTT Security threat intelligence report

1024 913 Stuart O'Brien

NTT Security has released The Security Engineering Research Team (SERT) Quarterly Threat Report for Q4 2016, which contains analysis of events identified through global visibility of the NTT Security client base.

NTT Security researchers observed a noticeable shift in the types of attacks from previous quarters – particularly exhibited by a much narrower scope of attack vectors.

Several vulnerabilities such as Oracle Server Backup in the retail industry and Linux password files in the finance industry were specifically targeted – likely indicative of criminals identifying specific flaws and crafting attacks to fit, a sign of more sophisticated and directed efforts.

You can download a copy of the report by clicking here

Online retailers must be transparent after a data breach, says NTT Security…

800 450 Jack Wynn

Online shoppers in the UK are demanding retailers to be honest and transparent on whether they have suffered a security breach, a survey commissioned by NTT Security has revealed.

When asked what retailers could do to help build consumer trust whilst online shopping, 80 per cent of the 500 survey respondents said they expect more transparency following a breach, as well as more secure payment options and for retailers to insist on regularly changing and using strong passwords.

Further to worrying about the risk of paying online and identity fraud, the majority are also concerned about the privacy of personal information (63 per cent), a site being fake (63 per cent) and the risk of being sent ‘phishing emails’ that link to malware (60 per cent).

Stuart Reed, director at NTT Security said: “The retail sector is among one of the most targeted industries for attacks and, with one of the busiest trading periods of the year now upon us, it makes sense that both consumers and retailers are diligent in terms of data security.

“While some shoppers are happy to continue using sites, even when they have been breached, they are also anxious for retailers to let customers know when they have been hacked. Consumers certainly seem to be growing in security awareness when online; more savvy, they are willing to take responsibility for their own security to some extent, but they are also more demanding of retailers and expect to see privacy and security polices displayed clearly on websites.”

However, only 18 per cent would permanently stop using a retailer’s website if a security breach was exposed and a third admit they would carry on using an online store but would upgrade their security.

More than 40 per cent believe retailers should publish their privacy policies to allow customers to see how data is being stored and managed, while a third (32 per cent) want stores to listen and respond to customer concerns via social media to help build consumer trust.

 

Read more on the research, including five top tips on how retailers can mitigate cyber risks here

Industry Spotlight: How can we address the cyber security skills shortage?

800 450 Jack Wynn

Various industry research studies suggest that many businesses of all sizes are ill-equipped to address cyber security threats, leaving them vulnerable to hackers.

According to NTT Security’s Risk:Value 2016 report, while most decision makers admit they will be breached at some point, just half agree information security is ‘good practice’. This raises the question as to why businesses are holding back from minimising the effects of an impending breach. Some argue there is a lack of internal resource to keep up with the growing threats, indicating that it is no longer possible for many organisations to tackle all aspects of security in-house.

Organisations are left under-skilled and under-resourced in security terms, and this is evidenced by a recent cyber security talent report, which estimates there are 1m unfilled security jobs worldwide. This is unlikely to change in the near future and could get worse – with Frost & Sullivan predicting there will be 1.5m unfilled jobs by 2020.

According to the firm, security analyst tops the list of positions that are in most demand, with 46 per cent reporting a staffing deficiency at that position, followed by security auditor (32 per cent), forensic analyst (30 per cent) and incident handler (28 per cent).

Information security needs to be seen as a career choice, with greater awareness in schools and colleges globally in order to attract more people into the profession. Until then, companies need to think carefully about a future that relies on getting by with existing resources or outsourcing some or all of their security operations.

An organisation’s IT team will be grounded in IT fundamentals and daily business operations, so would be well placed to take on roles in cybersecurity. Security experts need a great mix of technical and soft skills, which are usually honed over many years. They need to know how to communicate effectively with non-IT colleagues and understand business processes, compliance and analytics. They also need to have a genuine interest in cybersecurity.

Training staff is a long-term investment, but technology products change faster than an organisation can train its team. A commitment to training and professional development is a strategic decision needing budget. There’s the cost of training, as well as the length of time it takes to train each person while keeping skills and certifications up-to-date. Plus, when people leave, you have to start the process over again.

Investing in internal resources therefore isn’t an option for a large number of organisations. Almost half of companies worldwide lacked in-house security skills, according to Frost & Sullivan’s 2015 (ISC)2 Global Information Security Workforce Study, while a third plan to use managed and professional services to address these skills shortages.

Outsourcing some or all of an organisation’s security operations to a Managed Services Provider can alleviate the problem. A trusted provider will know how and where to find the right experts, invest in training and improving professional qualifications, and continuously monitor an organisation’s network round the clock. If companies find they don’t need to fully outsource their security operations, they can use an MSSP to fill specific gaps, such as incident response.

There’s no silver bullet in terms of training internal resources or hiring new resources, but there’s never been a more important time to address the skills gap.  

 

Words by Stuart Reed, senior director at NTT Security