What Will It Take to Thwart Cyberattacks? IBM Security X-Force Has Unearthed These Vital Suggestions

IBM's X-Force Threat Intelligence Index sheds light on where today’s cyberthreats are most prevalent and how to safeguard against them.
March 31, 2022

Cybercrime today is not just about money; it’s also about leverage.

This observation, made by the head of IBM Security’s X-Force, is evident as supply chain security remains a top priority for governments around the world — especially in light of ongoing global labor shortages, transportation delays, and of course, the Russia-Ukraine conflict.

As Fourth Industrial Revolution technology continues ramping up the “smart” profile of factories, ransomware attacks on manufacturers are now keeping pace with those previously centered on financial services providers and insurers.

What will it take to guard against cyberthreats on vital global industries? Identifying and securing vulnerabilities, for starters, as IBM Security’s 2022 X-Force Threat Intelligence Index revealed.

Key Index Findings

  • Manufacturing was the most threatened industry in 2021. Cyberattacks on manufacturers exceeded those aimed at financial services and insurance in 2021, representing 23.2% of the attacks X-Force remediated from January to December 2021.
  • Ransomware remained the number one attack type observed by X-Force.
  • Ransomware organizations wreaked global havoc for an average of 17 months before rebranding or shutting down in 2021, though the most successful ransomware gangs operated for up to 31 months (two and a half years) before disbanding.
  • Phishing was the top technique used for initial access, seen in 41% of the cyber incidents X-Force remediated in 2021.
  • Vishing is on the rise. The click rate for the average targeted phishing campaign was 17.8%, but targeted phishing campaigns that added phone calls (vishing or voice phishing) were three times more effective in 2021, netting a click from 53.2% of victims.

Second Place Is Still Vulnerable

Slightly outranked by manufacturing as the top targeted industry, finance and insurance organizations were the target of 22.4% of the attacks remediated by IBM’s X-Force team in 2021. Of these attacks, 70% were on banks, 16% were on insurance organizations, and 14% were on other financial organizations.

The financial industry’s drop from most targeted industry on the index suggests that “the high security standards in place at most financial organizations are yielding concrete results,” the report authors noted.

A key component to security success for financial organizations has been tapping into hybrid cloud environments that allow for better visibility into and management of sensitive data.

“Getting that visibility and prioritization is absolutely critical,” said Corey Hamilton, global financial services leader, IBM Security Services. “With cloud … that visibility is built in.”

And in legacy mainframes, “an organization may not have the best visibility into the protection of the data,” Hamilton added.

Rather than an organization internally managing and storing data, hybrid cloud environments establish a baseline for consistency — teams, tools, controls — that can be easily and quickly automated, Hamilton noted.

“In the event that there is a known deficiency — it could be in a completely separate client or a completely different industry — the largest cloud security providers know that there are issues and can automate those away,” Hamilton said.

Cloud environments also have the benefit of being able to create a single standard for security controls. “In the financial services space, there are regulatory controls and requirements, and having those being built upon the cloud is certainly a unique factor that ensures the proper security controls, and the implementation of those controls, take place,” Hamilton said.

For financial enterprises and insurers working on their digital transformations, Hamilton recommends opting for specialized clouds. Going with a cloud service provider that has specialized controls based on industry regulations and privacy mandates is “the most cost-efficient route to a secure starting point” to get ahead of cyberthreats, Hamilton said.

Expect a Breach and Adopt Zero Trust

Every industry has its vulnerabilities, and these are the gateways cybercrime organizations seek out to infiltrate data systems and bring business to a halt. But with staffing fluctuations reaching record levels, especially in sectors like manufacturing, how can companies identify and safeguard their security weak points? All arrows point to zero trust.

In order to maintain trust with stakeholders as well as the clients whose data they safeguard, the X-Force report recommends companies adopt a zero-trust approach to security and data management. By assuming that a breach has already happened, zero trust is centered upon a “least privileged principle model,” Hamilton explained.

This comes down to ensuring that “organizations staff only have access to the amount of data that they need to do their job and nothing more,” Hamilton said.

Multifactor authentication (MFA) also plays a key role in applying zero trust. MFA is a key component of strategies to minimize business email compromise (BEC): in 2021, the X-Force team found that regions with widespread MFA implementation saw a significant decrease in successful BEC attacks.

Take Inventory of Security

From an organizational security standpoint, global business has reached an inflection point, Hamilton said, “where some organizations have advanced their digital footprint 15 years in, say, the past two years.”

As industries continue to embrace automation and shift to remote work, and as more financial transactions are completed online, now is the time for organizations to take inventory of their security posture.

“We’re kind of settling into a norm and we want to make sure that there aren’t leftover accelerated processes that may be introducing more risk into an organization,” Hamilton said.

Now is the time, Hamilton said, “to step back and ensure that the organization, from a security standpoint, is as mature as it was before the rapid onset of COVID and the current situation that we’re in.”

Raquel Moreno is a staff writer with Risk & Insurance.