Midsized businesses more at risk of cyber attack

Ontario, Canada

Rudimentary attacks, such as intrusion attempts, information gathering, and policy violations pose the greatest risk to midsized organisations, according to a recent cyber threat report by E Sentire, Inc., one of the largest pure-play Managed Detection and Response (MDR) providers.

Produced by E Sentire’s Threat Intelligence team, the “2016 Midmarket Threat Summary Report” provides an overview of the cyber threats investigated by the E Sentire Security Operations Center (SOC) in 2016. The report addresses three key areas: threat types, threat volume, and attack types. The analytical assessment includes visual data analysis, written analytical evaluations, practical recommendations, and key analytical assumptions, providing threat perspective for business leaders in small and midsize enterprises, and actionable takeaways to help leaders strategically reduce the risk of cyber attacks.

“In 2016, the E Sentire SOC detected almost 5 million attacks across hundreds of primarily small to medium organisations, spanning multiple industries,” said Viktors Engelbrehts, director of threat intelligence at E Sentire. “Cyber criminals are attracted to easy targets because they are low risk, high reward, and require little effort to execute. However, available evidence suggests that the majority of opportunistic cyber attacks against mid-sized businesses can be prevented by applying basic best practice security principles.”

The findings showed that March to April and September to October were the most intense periods of threat events throughout the year, with March being the most active month, and June to July being the least active. The most often observed threat categories were intrusion attempts, information gathering, and policy violations, representing 63% of all observed attacks.  Intrusion attempts (primarily web attacks) was the top-ranking threat category, representing almost 30% of all observed events.

Web-based attacks and network scanning continue to increase as widely adapted automated tools allow a hands-off approach by threat actors.

The report concludes that rudimentary attacks pose the greatest risk – cyber criminals are moving away from sophisticated malicious code attacks, with the majority of attackers preferring inexpensive and automated methods of intrusions, exploiting ‘low hanging fruit’ (representing almost 30% of all observed events). This trend is expected to continue so long as these techniques are successful.

Also every organisation is a target – with easier access than ever before to simple and automated tools, cyber criminals can quickly and easily stage attacks against every business.

“Defending against evolving threats has never been more important for midsized organisations working to guard against financial and reputation-based risk. By addressing the recommendations listed in E Sentire’s 2016 Midmarket Threat Summary Report, business leaders will be equipped to disrupt threat opportunities, as opposed to remediating financial damage caused by attacks,” said Mark McArdle, E Sentire CTO.


Business News

Cyber security vulnerability check list advises on best practice

Farpointe Data has just posted the first radio frequency identification(RFID) Cybersecurity Vulnerability Checklist for access control manufacturers, distributors, integrators and end users to use to protect their access control systems from becoming hacker gateways to their facilities and IT systems. Knowing what to do is especially important now that government agencies, such as the United States Federal Trade Commission, have begun filing lawsuits against businesses that do not provide good cybersecurity practices.

Product Suppliers
Back to top