In its first ever cyber-espionage Study, Verizon warned that while public sector organizations are the most frequent victims of cyber-espionage breaches no vertical is safe from the stealth attacks.
Cyber-espionage, the act of gathering non-public information by hacking into systems, is a minimally understood threat that often goes undetected for days, weeks or even years. Verizon is calling attention to these stealth attacks as a unique challenge in its new Cyber-Espionage Report (CER). Based on seven years of Verizon Data Breach Investigations Report (DBIR) research and over 15 years of Verizon Threat Research Advisory Center (VTRAC) intelligence, the CER reveals that a small handful of industries suffer a disproportionate number of surveillance-based attacks.
Profit the main driver for cyber-espionage
Verizon found profit was the primary motive driving 86% of the attacks. Threat actors concentrate their cyber-espionage strikes on a handful of verticals with public sector the most often compromised, making up 31% of the incidents in the category. The other targeted industries include manufacturing, professional services, information, mining and utilities, education, and financial services. The public sector, manufacturing and professional services together account for 64% of all incidents.
The CER cautions that just because an industry isn’t represented doesn’t mean it hasn’t already fallen prey to cyber-espionage. Noting the “slow, methodical, and lengthy process” threat actors apply in cyber-espionage incorporates a great deal of care to obfuscate the breach. Some 39% of all attacks aren’t detected for years. And once attacks are detected, time to containment can take weeks.
Threat actors, who in this category are overwhelmingly state or nation state-affiliated (93%), and employ a variety of techniques to breach organizations. The most commonly used are malware (90%), social (83%) and hacking (80%).
Verizon underscores that because attacks are so hard to identify, they probably occur much more frequently than appears. The message is clear, IT and security professionals across all industries need to educate themselves on cyber-espionage and take the proper measures to detect and deflect these breaches.
Verdict deals analysis methodology
This analysis considers only announced and completed cross border deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.
GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.
More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.