Global Threat Report Extended enterprise under threat June 2020 Table of Contents Foreword 3 The impact of COVID-19 ......................................................... 7 How have attack volumes changed? 8 What gaps has COVID-19 revealed? 9 What are the biggest threats? 11 Full survey findings ............................................................. 12 Attack volumes and sophistication 12 Attack types and breach frequency 13 Introduction Breach causes and consequences 14 Threat hunting and budget plans 15 This research was conducted to understand the challenges and issues facing global businesses when it comes to escalating cyberattacks. It identifies trends New technology and framework adoption 16 in hacking and malicious attacks and the financial and reputational impact any Security risk perceptions 17 breaches have had. It examines organizations’ plans for securing new technology, for adopting cybersecurity frameworks and the complexity of the current cybersecurity management environment. 1 | VMWARE CARBON BLACK GLOBAL THREAT REPORT VMWARE CARBON BLACK GLOBAL THREAT REPORT | 2 90% of security professionals said the volume of attacks they faced has increased. THE 2020 GLOBAL CYBERATTACK LANDSCAPE Rick McElroy Cyber Security Strategist, VMware Carbon Black 94% Foreword of organizations worldwide have suffered a data breach METHODOLOGY The global cyber threat landscape has escalated. In this, our third Global Threat VMware Carbon Black Report, we find that attack frequency has reached unprecedented levels; 90% commissioned a survey, of security professionals said the volume of attacks they faced has increased. undertaken by an independent Attackers are employing a more diverse range of tactics and techniques than research organization, Opinion ever before as they bid to extort, disrupt and infiltrate organizations. Matters, in March 2020. 3012 As a result, breaches are inevitable. Our research found that: CIOs, CTOs and CISOs were 80% of security professionals say surveyed from companies 94% of organizations worldwide have suffered a data breach as a result of a attacks have become more in a range of industries cyberattack in the past 12 months and the average organization has sophisticated including: financial, healthcare, experienced 2.17 breaches. government and local authority, retail, manufacturing and The increase in attack volume has jumped from 84% in October 2019 and 82.5% engineering, food and beverage, in February 2019, demonstrating a clear upward trend. At the same time, utilities, professional services however, the number of breaches has dropped once more, down from 3.4 in and media and entertainment. October 2019. This is the third Global Threat The considerable leap in attack frequency and sustained increase in Report from VMware Carbon sophistication revealed in this iteration of the report shows that, however fast Black, building on the previous global businesses may be adapting to the intensifying environment, the cyber surveys, which were undertaken threat landscape is evolving faster. 80% of security professionals say attacks in February 2019 and October have become more sophisticated, 18% of those say they have become 2019. The countries surveyed significantly more advanced. This confirms what VMware Carbon Black Threat were: Australia, Canada, France, Germany, Italy, Analysis Unit research has been finding: adversaries are adopting more Japan, Netherlands, Nordics, advanced tactics as the commoditization of malware is making more Singapore, Spain, the UK and sophisticated attack techniques available to a bigger cohort of cybercriminals. the US. It’s not surprising that custom malware is the joint most commonly seen attack type. 3 | VMWARE CARBON BLACK GLOBAL THREAT REPORT VMWARE CARBON BLACK GLOBAL THREAT REPORT | 4 Third Party Breach Risk On The Rise In addition to the general escalation in intensity, this report reveals a shift in the causes of successful breaches. OS vulnerability was the most common cause of breaches, at the root of 18% of compromises. Third party application breaches were joint second on the list, leading to 13% of breaches. Island hopping, despite only featuring in 4.5% of attacks experienced, shared second place as the most common cause of breaches, at the root of 13%. Furthermore, 7% of breached businesses had been compromised via their supply chain. Clearly, the extended enterprise ecosystem is generating considerable security concerns. At the other end of the scale, breaches from direct attacks through ransomware and phishing have dropped considerably. In October 2019, phishing caused 34% of breaches and ransomware accounted for 18%. This time they each accounted for only 6%. It appears that unsophisticated “spray and pray” tactics are being rejected in favour of accessing networks undetected and gaining persistence for A Complex, Crowded, Multi- Workloads/Applications Top 96% longer term campaigns. Plan to increase budgets Technology Environment Breach Risk List Reputations And Profits Are In The Firing Line The main concern for cybersecurity professionals Perhaps this is because they’re already supporting globally is workload/applications, cited as the biggest multiple security technologies. Respondents are As public awareness of data protection rights has grown, and regulatory fines risk for 35% of them. This is perhaps not surprising in using an average of 8.91 different security tools have hit the headlines, so the impact of breaches continues to be felt. Security light of the jump in third party app-related breaches. to manage their security program. This indicates a professionals feel that the reputation of their business is more likely to be As businesses run more and more apps in a bid for security environment that has evolved reactively affected by a breach, with 70% saying they had suffered image damage. flexibility and productivity gains, ensuring their as security tools have been bolted on to tackle security will become of critical importance. emerging threats, not built-in. This has resulted in Budget Rises Are Robust, But Will Spending Be siloed, hard-to-manage environments that hand 46.5% Strategic Or Tactical? the advantage to attackers from the start; evidence Consensus Between Territories Say they will need to increase shows that attackers have the upper hand when security spend and controls What was striking about this edition of our research Security professionals worldwide are responding to the uptick in cyber threats security is not an intrinsic feature of the environment. around 5G project was the broad consensus between different by boosting cyber defense spending, more of them than ever before told us As the cyber threat landscape reaches saturation, countries. More geographies than ever before that they are expecting to increase their budgets. 96% plan a greater spend, up it is time for rationalization, strategic thinking and reported their highest ever figures for attack volume from 90% in October 2019 and 88% in February 2019. clarity over security deployment. increases and subsequent breaches, while budget Where that spend will be directed is an interesting question. Respondents told increases are also at their highest. What this really us unequivocally that threat hunting is paying dividends and increasingly being Split Over The Value Of Security shows is that cyber defense is a borderless challenge recognised for its value in identifying malicious actors already in the system, so on a global scale. The analysis below highlights the it seems likely this investment will continue, but what of emerging risks? Frameworks key statistics and outlying responses of interest. In our October 2019 survey, 92% of respondents said they had security concerns Visibility and validation of security posture can be around the implementation and management of digital transformation and 5G. significantly enhanced by the application of the But, when it comes to the crunch, opinion is split on the need for security MITRE ATT&CK ® framework, but it seems the jury is spending. 46.5% say they will need to increase security spending and controls, still split on the relevance and value of this approach. 8.91 while 48% won’t be focusing their budgetary increases on securing 5G. 80% worldwide are aware of it, but only 56% plan to The average number of different use it to validate security posture, demonstrating that tools being used to manage there is still work do to establish this framework as cybersecurity programs the gold standard among enterprises. 5 | VMWARE CARBON BLACK GLOBAL THREAT REPORT VMWARE CARBON BLACK GLOBAL THREAT REPORT | 6 “Attackers are employing a more diverse range of tactics and techniques than ever before as they bid to extort, disrupt and infiltrate organizations.” Has The Overall Number Of Typical Cyberattacks On Your The Impact Of COVID-19 System Changed As A Result Of More Employees Working COVID-19 Supplemental From Home? A staggering 91% of all global respondents stated that they had seen an increase in overall When we conducted our primary research for this cyberattacks as a result of employees working from home. edition of the VMware Carbon Black threat report, Research Findings the impact of COVID-19 was only just beginning to 7% of respondents reported that these had increased by between 50 and 100%. Just under a reverberate across the globe. In the interim period, as 1002 global respondents from quarter (24%) recounted that attack volumes had gone up by between 25 and 49%. we analysed the results, it became clear that the