Cyber risk is increasing for businesses around the world. Our analysis showed that 2021 was a banner year for vulnerabilities, and our latest quarterly Kroll Threat Landscape Report revealed a 356% increase in Common Vulnerabilities and Exposures (CVEs) or zero-day vulnerabilities exploited for initial access compared to Q3 2021. Following high-profile vulnerability notifications, this underscores the speed at which cybercriminals can operate.
In Hong Kong, in particular, we have seen a huge increase in cybercrime. Data from the Financial Services Development Council shows cyber incidents have increased from 2,206 in 2011 to 12,916 in 2020 (representing an almost six-fold increase). The value of these crimes has also increased, from HK$148 million in 2011 to HK$2.96 billion in 2020.
As cyberattacks continue to dominate the headlines and businesses face the financial penalties of security incidents, concern is growing. Increasingly, we are seeing a demand for attack simulations and resiliency testing, as well as preventive measures to monitor suspicious activity that could later lead to an incident.
Professional services sector at risk
Our data showed that the professional services sector continues to be a prime target for cyber attacks, accounting for 16% of cyber cases in Q4 2021. Other industries in the top five targeted sectors included technology/telecommunications, healthcare, manufacturing and financial services. For the other sectors (education, pharmaceutical, construction, food and agriculture), the number of incidents increased largely due to ransomware, with the exception of education, where unauthorized access was mainly used to infiltrate systems.
The most common attacks
When it comes to the most common sources of infection, phishing takes the top spot, accounting for 39% of all suspected initial access methods in the last quarter of 2021. The effectiveness of phishing boils down to its exploitation people rather than the system. This has led to a steady number of business email compromise attacks, which are then used to deploy malware or trick users into entering credentials on fake landing pages. Most of these attacks result in significant financial and operational losses for the victims.
Third-party vulnerability (8.9%) and remote code execution (4.5%) were among the top five infection vectors in Q4 2021. Social engineering also entered the top five , accounting for about 4% of infections.
The supply chain is another area threatened by adversaries. Smaller providers, who typically have less sophisticated IT infrastructure and security systems, are attacked in an effort to reach a larger business for which they can provide service.
Strengthen cyber resilience
Organizations can improve their resilience to cyberattacks in several ways. Especially given the rate at which vulnerabilities are exploited by attackers, a robust vulnerability management plan that prioritizes and coordinates patch updates will be important.
When it comes to the extent of successful phishing attacks, this proves why workforce training is so critical and a reason to assess your business for phishing resilience. Getting a better picture of a company’s vulnerability will be important from a risk assessment perspective.
Beyond that, there are a series of proactive measures that can be taken with penetration testing and red teams, which aim to find vulnerabilities that threat actors could exploit. Monitoring technology to look for suspicious activity in an IT environment is also key to staying one step ahead of attackers.
Our analysis of Q4 2021 highlights the rapid evolution of adversaries not only at the level of the players themselves but also in their operating activities. Companies should use actionable threat intelligence to guide their cybersecurity strategies, and in the event that attackers do manage to break into an organization’s systems, the incident response process should be clear and well-established to ensure rapid validation, threat containment and post-incident recovery support.
— Contact us at [email protected]