Number of cyberattacks against organisations increases by 13%

Significant increase in cyber activity putting further strain on stretched IT teams, particularly for small-medium sized business, that lack dedicated security analysis resources.

Research from Orange Cyberdefense reveals that there has been a 13% increase in cyberattacks on enterprises over the past 12 months, with a rise in ransomware incidents and, for the first time, a noticeable wave of attacks against mobile devices.

The Security Navigator 2022 provides a detailed analysis of more than 50 billion security events analyzed daily over the past year (October 2020 to October 2021) by Orange Cyberdefense’s 18 Security Operation Centers (SOCs) and 14 CyberSOCs across the globe.

Monitoring showed that of the 94,806 incidents flagged during monitoring as being potential threats, analyst investigation confirmed 34,156 (36%) to be legitimate security incidents – a 13% increase on the year before. More than a third (38%) of all confirmed security incidents were classified as malware, including ransomware – an increase of 18% on 2020.

The report found that almost two thirds (64%) of the security alerts dealt with by Orange Cyberdefense analysts turned out to be ‘noise’ and did not represent a genuine threat - an increase of 5% on the previous year. The findings suggest that many organizations, particularly small and medium sized businesses, will require more resources to filter this massive amount of data for potential threats. The risk is that these businesses will become increasingly vulnerable to attack as the level and volume of activity continues to rise.

The Security Navigator also reports that mobile operating systems like iOS and Android in a business context are an increasingly popular target for exploits. Many of the activities appear to be related to commercial companies contracted by law enforcement and intelligence agencies. However, the vulnerabilities and exploits developed will likely not stay in that realm, but have in the past and will likely in the future find their way into the criminal ecosystem as well (mind the WannaCry attack of 2017).

Orange Cyberdefense predicts attacks targeting mobile devices are likely to continue on this upward trajectory. This is a development that security professionals will need to pay closer attention to. Mobile platforms are key in modern access protection concepts, namely multi factor authentication (MFA), which is commonly used in corporate environments to protect cloud access for instance.

Another key finding of the new Security Navigator is that malware, including ransomware, was the most common type of threat reported across the analysis period, with 38% of all confirmed security incidents classified as malware - an increase of 18% on 2020. Among the key malware trends are:

• A decrease in confirmed downloader activity (malware that downloads and runs other malware on affected systems) in November and December 2020 after the Trickbot botnet was taken down by law enforcement, and in January and February 2021, directly after Emotet was taken down;

• An inverse correlation between the stringency of Covid-19 lockdowns and the volumes of downloader and ransomware activity: the more stringent the lockdowns, the less of this activity, running contrary to the prevailing narrative that attacks increase when users work from home;

• Large organizations see more than double (43%) the amount of confirmed malware incidents than medium-sized businesses.

Hugues Foulon, CEO of Orange Cyberdefense, said: “Attacks like Solorigate show that even trusted software from reliable vendors can turn into a trojan horse for cunning attackers. Technology alone cannot be the solution to this problem, and as our data shows, we have seen a 13% increase in the number of incidents in just one year, and these incidents keep increasing year on year. A large proportion of the tech-driven security alerts that our analysts deal with are just noise but this puts a tremendous strain on already stretched IT and security teams. Indeed, not all businesses have the means or resources to employ managed security services providers to help them sift through the ‘noise’ and find the actionable security ‘signals’. We thus believe that security technologies can, and must, do better.”

Dominic Trott, UK product manager at Orange Cyberdefense, said: “After a challenging couple of years, with high-profile cyberattacks hitting the headlines like never before, we hope that this year’s Security Navigator can act as a guiding light for UK businesses working to enhance their security. Despite the number of unique cyber extortion threat actors growing by 12.5% this year, the number of UK-headquartered cyber extortion victims dropped by 8% over the same period. This can likely be attributed to the improvement and broader take-up of detection-centric security tools such as EDP, stopping potential cyber extortion incidents from becoming full incidents. However, security teams should by no means be letting their guard down as cybercriminals focus their efforts on exploiting vulnerabilities elsewhere. We’re proud to be able to share our deep knowledge and data-driven insights with business and security leaders to help them inform their investment decisions and make the choices that will best bolster their defences going into 2022 and beyond.”

Data from more than 1,300 global respondents combined with expert analysis to reveal goals, benefits, and challenges of cloud-native technology in 2022.
This week is Mental Health Awareness Week, a time to encourage deeper conversations and to explore initiatives that can support employees. The stigma surrounding mental health has been lessened thanks to open discussions, however, there is still progress to be made. Furthermore, these discussions need to be taking place in the professional spheres as according to a 2022 report, a staggering 61% of employees have never sought support for their mental health - despite one in five reporting that poor mental health impacts their productivity. We spoke to nine different technology leaders about their best advice and strategies going forward on how to prioritise wellbeing among employees and employers alike.
The Formula 1 season has been described as a travelling circus. Team members across varying functions tackle the extraordinary feat of moving and setting up all necessary infrastructure to execute their race plan. They do this over 20 times over the course of a season – across up to 20 countries and 5 continents.
Digital transformation projects show increasing improvements, but enterprises still wasted on average $4.12 million on failed, delayed or scaled-back projects.
Nexthink has introduced Nexthink Accelerate, a DEX subscription service aimed at an organization’s overall DEX maturity. Whether a company is driving transformational change for the future of work, reducing disruptions in employee environments or looking to increase employee satisfaction, the Accelerate program acts as a partner and guide to meet those goals.
Research commissioned by Lenovo reveals CIOs are more involved than ever before in areas outside their traditional technology purview, such as business model transformation, corporate strategy, and sustainability.
The shift to hybrid and flexible working patterns has revolutionised the way small and medium sized businesses and employees think about productivity, company culture, and how to organise their operations to best support their needs. Research from GoTo, the flexible-work support and collaboration company, reveals that 70% of employees are unwilling to accept a job without the option to work flexibly, and companies are continuing to step up their investments to remain competitive.
Data centre provider ServerChoice has released new research, highlighting the widespread impact of the cost of energy increase and how it is leading businesses to re-evaluate their IT suppliers.