- Public Sector and Manufacturing sectors among the most targeted industries.
- 85 percent of cyber-espionage breaches are conducted by state-affiliated actors.
- Confidential, sensitive or business critical information is most often targeted.
Cyber-espionage attacks occur more frequently in Asia-Pacific than any other region, according to the new Verizon Cyber-Espionage Report (CER) released by the Verizon Threat Research Advisory Center (VTRAC). Cyber-espionage breaches in Asia-Pacific (42%) occurred more frequently than in the Europe, Middle East and Africa (34%) and North America (23%) regions. The most targeted industries for attacks include the Public Sector (31%), followed by Manufacturing (22%) and Professional Services (11%).
The top actors in cyber-espionage breaches are state-affiliated (85%), nation-state actors (8%) and organized crime (4%). The CER found that data that is confidential, sensitive or business-critical is often most targeted in cyber-espionage breaches, as attackers seek out data that could impact national security, political positioning and economic competitive advantage.
The CER is the first-ever, data-driven publication on advanced cyberattacks that analyzes seven years (2014 to 2020) of Verizon Business Data Breach Investigations Report (DBIR) content. It contains recommendations for organizations to better defend against and recover from cyber-espionage attacks, including:
- Regular security awareness training – Employees are the first line of defense. Social engineering, or phishing, is a common method cyberspies use to gain access to sensitive systems. It is crucial that employees undertake regular security awareness training.
- Strengthen boundary defenses – Effective boundary defenses (e.g. network segmentation) and stronger access management capabilities (e.g. access granted on a need-to-know basis) can mitigate cyber-espionage attacks.
- Managed detection and response (MDR) – A robust MDR offering can identify indicators of compromise on the network and the endpoints. Essential components of MDR include security information and event management (SIEM) technologies; threat intelligence; user and entity behavior analytics (UEBA); and threat hunting capabilities, as well as integrations with endpoint detection and response (EDR), network detection and response (NDR), and deception technologies.
- Data leakage/loss prevention (DLP) – Can flag sensitive data being snuck out the back door.
- Optimizing cyber threat intelligence – Recognizing indicators of compromise; leveraging tactics, techniques and procedures; and implementing a strong incident response plan are also important strategies for combating cyber-espionage.
“Cybercrime comes in all shapes and sizes, but fighting and preventing it is of equal importance. Defenses and detection and response plans should be tested regularly and optimized to confront cyber threats head-on,” said John Grim, lead author of the Verizon Cyber-Espionage Report. “This is particularly important for Cyber-Espionage breaches, which typically involve advanced threats targeting specific data and operating in ways to avoid detection and deny cyber defenders effective response.”