TRENDING
“
UK
MANUFACTURING
HAS BECOME A
MAJOR TARGET
FOR ATTACKERS
IN RECENT YEARS
AS A RESULT OF
THE INCREASED
RISKS BROUGHT
ABOUT FROM
THE
CONVERGENCE
OF IT AND
OPERATIONAL
TECHNOLOGY.
motivated data breaches, global supply
chain risks and risks from unpatched
vulnerabilities. The UK was the only country
(apart from Hong Kong) this year where
manufacturing topped the list of most
attacked sectors, representing 29% of all
attacks, with technology (19%) second and
business and professional services (17%)
third. Government and finance made up the
other two sectors in the top five.
Reconnaissance attacks accounted for
half of all hostile activity in the UK and
Ireland, with web application the next
most common form of attack (22%).
Reconnaissance activity (60%) was also
the most common attack type against
manufacturers, followed by web application
attacks (36%).
Rory Duncan, Security Go-to-Market Leader,
NTT, said: “UK manufacturing has become
a major target for attackers in recent years
as a result of the increased risks brought
about from the convergence of IT and
Operational Technology (OT). The biggest
worry is that security has lagged behind in
this sector, potentially exposing systems
and processes to attack. Poor OT security is
a legacy issue; many systems were designed
with efficiency, throughput and regulatory
compliance in mind rather than security.
In the past, OT also relied on a form of
‘security through obscurity’. The protocols,
formats and interfaces in these systems
were often complex and proprietary and
different from those in IT systems, so it was
difficult for attackers to mount a successful
attack. As more and more systems come
online, hackers are innovating and see
these systems as ripe for attack.”
Duncan added: “Now more than ever, it’s
critical for all organisations, regardless
of sector or region, to pay attention to
the security that enables their business;
making sure they are cyber-resilient and
secure-by-design, which means embedding
privacy and security into the fabric of their
enterprise architecture and organisational
culture. The current global pandemic
and the flow of trusted and untrusted
information used to mask the activities
of cybercriminals has shown us that they
will take advantage of any situation.
Organisations must be ready to respond
to these and other threats in a constantly
evolving landscape.”
Rory Duncan, Security Go-to-Market
Leader, NTT
The ‘year of enforcement’
The 2020 Global Threat Intelligence
Report calls last year the ‘year of
enforcement’ with the number of
Governance, Risk and Compliance
(GRC) initiatives growing, creating a
challenging global regulatory landscape.
Several acts and laws now influence
how organisations handle data and
privacy, including the General Data
Protection Regulation (GDPR), which has
set a high standard for the rest of
the world.
The report provides organisations with
recommendations to help navigate
compliance complexity, including
identifying acceptable risk levels,
building cyber-resilience capabilities
and implementing solutions that are
secure-by-design.
The 2020 GTIR – the eighth annual report –
analyses and summarises trends based
on log, event, attack, incident and
vulnerability data from trillions of logs
and billions of attacks.
26 INTELLIGENTCIO www.intelligentcio.com