Intel Security threat report reveals that manufacturing sector is least prepared to prevent information theft

Intel Security's latest ‘McAfee Labs Threat Report, September 2016’ has revealed that the healthcare and manufacturing sectors are among the least prepared to prevent information theft, while retail and financial services have the greatest cybersecurity protections in place to deal with data loss. In addition, the report also presents an update on cyber attacks during Q2 2016, finding ransomware and new mobile malware have reached their highest level ever recorded.

The research comes from a recent Intel Security survey titled ‘2016 Data Protection Benchmark Study’ where Intel Security interviewed organisations globally on data loss incidents, including the types of data leaking out and the ways in which data exits organisations.

The survey found that retail and financial services organisations have deployed the most extensive protections against data loss, a finding McAfee Labs attributes to organisational responses to the frequency of cyber attacks and the value of the data held by companies in these two sectors. Having sustained fewer cyber attacks historically, healthcare and manufacturing enterprises have made fewer IT security investments and as a result possess the least comprehensive data protection capabilities.

McAfee Labs researchers find the weaker defences in these two sectors particularly disturbing given that cybercriminals continue to shift their focus from easily replaceable payment card numbers to less perishable data such as personally identifiable information, personal health records, intellectual property and business confidential information.

Global general findings from the research include:

• More than 25% of companies surveyed do not monitor sharing of or access to employee or customer data.
• Nearly 40% of data losses involve some kind of physical media, such as thumb drives; however, only 37% of organisations use endpoint monitoring of user activity and physical media connections that could counter such incidents.
• 90% of respondents have cloud protection strategies, but only 12% are confident in their visibility into the activity of their data in the cloud.

Australian results include:

• Organisations in Australia and New Zealand are the most likely to employ a data loss prevention (DLP) solution to monitor rather than monitor and block incidents (59%). The US is most likely to have set up their DLP solution to both monitor and block incidents (51%).
• The number of recorded data loss incidents in Australia averages 17 per day and is one of the lowest worldwide with a global average of 20.
• Australia and New Zealand have the lowest maturity score in terms of how fully deployed their DLP solution is (3.65) when compared to the global average (4.10).
• APAC countries are more likely to report that certain activities cause increases in the average number of incidents recorded per day. In Australia and New Zealand, the key causes of increases are new project deployment (45%), internal organisation (44%) and mergers and acquisitions (42%).
• The monitoring and blocking of suspicious uses of email is most likely to cause the highest number of daily incidents on average globally (21). Organisations in Australia and New Zealand are likely to see the highest increase in the number of daily incidents generated as a result of monitoring and blocking the suspicious use of email (43).
• Globally, the reasons for employing a DLP solution are to protect data (77%), industry regulatory compliance (56%), legal legislation (52%), as a result of a data loss incident (30%) and to understand and manage data (30%). While protecting data is also key for Australia and New Zealand (64%), we are most likely globally to state that a key reason for having a DLP solution was as a direct result of a data loss incident (60%).

Q2 cyber attack statistics

In addition, the report also presents an update on cyber attacks recognised by Intel Security during (US) Q2 2016:

• Ransomware — The 1.3 million new ransomware samples detected in Q2 2016 was the highest ever recorded since McAfee Labs began tracking this type of threat. Total ransomware has increased 128% in the past year.
• Mobile malware — The nearly 2 million new mobile malware samples was the highest ever recorded by McAfee Labs. Total mobile malware has grown 151% in the past year.
• Macro malware — New downloader Trojans such as Necurs and Dridex delivering Locky ransomware drove a more than 200% increase in new macro malware in Q2.
• Mac OS malware — The diminished activity from the OSX Trojan Gen adware family dropped new Mac OS malware detections by 70% in the second quarter.
• Botnet activity — Wapomi, which delivers worms and downloaders, increased by 8% in Q2. Last quarter’s number two, Muieblackcat, which opens the door to exploits, fell by 11%.
• Network attacks — Assessing the volume of network attacks in Q2, denial-of-service attacks gained 11% in the quarter to move into first place. Browser attacks dropped by 8% from Q1. These most prominent attack types were followed by brute force, SSL, DNS, Scan, backdoor and others.

Intel Security APAC Vice President Daryush Ashjari commented: “The gap between data loss and breach discovery is getting larger and organisations who haven’t traditionally been the target of cyber attacks now need to be aware of the risks as cybercriminals find new ways to exploit businesses. If this isn’t caution enough, the surges in ransomware to historic new heights in Q2 2016 come as a timely reminder to organisations to ensure the right practices and policies are in place to keep the business and its customers’ data secure at all times. It is befitting to highlight the importance of user awareness and corporates’ responsibility to educate their users and increase their awareness when it comes to ransomware.”