Asia-Pacific's public sector is at the greatest risk for advanced cyber-espionage attacks, while the region is hardest hit globally, according to the new Verizon Cyber-Espionage Report (CER) from the Verizon Threat Research Advisory Center (VTRAC).
Breaking down the stats
Cyber-espionage breaches in Asia-Pacific (42%) occurred more frequently than in the Europe, Middle East and Africa (34%) and North America (23%) regions.
The most targeted industries for attacks include the Public Sector (31%), followed by Manufacturing (22%) and Professional Services (11%).
The top actors in cyber-espionage breaches are state-affiliated (85%), nation-state actors (8%) and organised crime (4%).
The CER found that data that is confidential, sensitive or business-critical is often most targeted in cyber-espionage breaches, as attackers seek out data that could impact national security, political positioning and economic competitive advantage.
Recommendations for organisations
The CER is the first-ever, data-driven publication on advanced cyberattacks that analyses seven years (2014 to 2020) of Verizon Business Data Breach Investigations Report (DBIR) content.
It contains recommendations for organisations to better defend against and recover from cyber-espionage attacks, including regular security awareness training, strengthening boundary defenses, managed detection and response (MDR) and data leakage/loss prevention (DLP).
Regular security awareness training acknowledges that employees are the first line of defense.
Social engineering, or phishing, is a common method cyber spies use to gain access to sensitive systems, the research states, so it is crucial that employees undertake regular security awareness training.
Effective boundary defenses, such as network segmentation, and stronger access management capabilities, such as access granted on a need-to-know basis, can mitigate cyber-espionage attacks.
A robust managed detection and response (MDR) offering can identify indicators of compromise on the network and the endpoints.
Essential components of MDR include security information and event management (SIEM) technologies; threat intelligence; user and entity behavior analytics (UEBA); and threat hunting capabilities, as well as integrations with endpoint detection and response (EDR), network detection and response (NDR), and deception technologies.
Data leakage/loss prevention (DLP) can flag sensitive data being snuck out the back door.
Finally, optimising cyber threat intelligence to help an organisation recognise indicators of compromise, leveraging tactics, techniques and procedures, and implementing a strong incident response plan are also important strategies for combating cyber-espionage.
Approach cyber-espionage head-on
John Grim, lead author of the Verizon Cyber-Espionage Report, says, “Cybercrime comes in all shapes and sizes, but fighting and preventing it is of equal importance. Defenses and detection and response plans should be tested regularly and optimised to confront cyber threats head-on.
“This is particularly important for cyber-espionage breaches, which typically involve advanced threats targeting specific data and operating in ways to avoid detection and deny cyber defenders effective response.”