Intel Security’s latest McAfee Labs Threat Report, September 2016, has revealed that manufacturing and healthcare sectors are among the least prepared to prevent information theft, whilst retail and financial services have the greatest cyber security protections in place to deal with data loss. In addition, the report also presents an update on cyberattacks during Q2 2016, finding ransomware and new mobile malware have reached their highest level ever recorded.
The research comes from a recent Intel Security survey titled 2016 Data Protection Benchmark Study where Intel Security interviewed organisations globally on data loss incidents, including the types of data leaking out and the ways in which data exits organisations.
The survey found that retail and financial services organisations have deployed the most extensive protections against data loss, a finding McAfee Labs attributes to organisational responses to the frequency of cyberattacks and the value of the data held by companies in these two sectors. Having sustained fewer cyberattacks historically, healthcare and manufacturing enterprises have made fewer IT security investments and as a result possess the least comprehensive data protection capabilities.
McAfee Labs researchers find the weaker defences in these two sectors particularly disturbing given that cybercriminals continue to shift their focus from easily replaceable payment card numbers to less perishable data such as personally identifiable information, personal health records, intellectual property and business confidential information.
Global general findings from the research include:
More than 25 percent of companies surveyed do not monitor sharing of or access to employee or customer data.
Nearly 40 percent of data losses involve some kind of physical media, such as thumb drives, however only 37 percent of organisations use endpoint monitoring of user activity and physical media connections that could counter such incidents.
90 percent of respondents have cloud protection strategies, but only 12 percent are confident in their visibility into the activity of their data in the cloud.
Australian results include:
Australia and New Zealand are the most likely to employ a Data Loss Prevention (DPL) solution to monitor rather than monitor and block incidents (59 percent). The US is most likely to have set up their DLP solution to both monitor and block incidents (51 percent).
The number of recorded data loss incidents in Australia average 17 per day and is one of the lowest world-wide with a global average of 20.
Australia and New Zealand have the lowest maturity score in terms of how fully deployed their DLP solution is (3.65) when compared to the global average (4.10).
APAC countries are more likely to report that certain activities cause increases in the average number of incidents recorded per day. In Australia and New Zealand, the key causes of increases are new project deployment (45 percent), internal organisation (44 percent) and mergers and acquisitions (42 percent).
The monitoring and blocking of suspicious uses of email is most likely to cause the highest number of daily incidents on average globally (21). Australia and New Zealand are likely to see the highest increase in the number of daily incidents generated as a result of monitoring and blocking suspicious use of email (43).
Globally, the reasons for employing a DLP solution are to protect data (77 percent), industry regulatory compliance (56 percent), legal legislation (52 percent), as a result of a data loss incident (30 percent) and to understand and manage data (30 percent). Whilst protecting data is also key for Australia and New Zealand (64 percent), we are most likely globally to state that a key reason for having a DLP solution was as a direct result of a data loss incident (60 percent).
*The research was conducted globally in May 2016 from 1,000 IT decision makers in financial services, healthcare, government, retail and manufacturing industries. Of these, 350 were from Australia and these results are included above.
Q2 Cyberattack statistics
In addition, the report also presents an update on cyberattacks recognised by Intel Security during Q2 2016:
Ransomware – the 1.3 million new ransomware samples detected in Q2 2016 was the highest ever recorded since McAfee Labs began tracking this type of threat. Total ransomware has increased 128 percent in the past year.
Mobile Malware – the nearly 2 million new mobile malware samples was the highest ever recorded by McAfee Labs. Total mobile malware has grown 151 percent in the past year.
Macro Malware – new downloader Trojans such as Necurs and Dridex delivering Locky ransomware drove a more than 200 percent increase in new macro malware in Q2.
Mac OS malware – the diminished activity from the OSX Trojan Gen adware family dropped new Mac OS malware detections by 70 percent in the second quarter
Botnet activity – Wapomi, which delivers worms and downloaders, increased by 8 percent in Q2. Last quarter’s number two, Muieblackcat, which opens the door to exploits, fell by 11 percent.
Network Attacks – Assessing the volume of network attacks in Q2, denial-of-service attacks gained 11 percent in the quarter to move into first place. Browser attacks dropped by 8 percent from Q1. These most prominent attack types were followed by brute force, SSL, DNS, Scan, backdoor and others.
Intel Security’s APAC Vice President Daryush Ashjari said that the gap between data loss and breach discovery is getting larger and organisations who haven’t traditionally been the target of cyberattacks now need to be aware of the risks as cybercriminals find new ways to exploit businesses.
“If this isn’t caution enough, the surges in ransomware to historic new heights in Q2 2016 come as a timely reminder to organisations to ensure the right practices and policies are in place to keep the business and its customers data secure at all times. It is befitting to highlight the importance of user awareness and corporates’ responsibility to educate their uses and increase their awareness when it comes to ransomware.”
