The 2020 Global Threat calls the past year “the year of enforcement” because numerous governance, risk and compliance initiatives have created a pronounced global regulatory landscape. Numerous laws and regulations such as the European General Data Protection Regulation have a strong impact on the way companies and organizations handle data and privacy. The current report therefore contains recommendations for the correct handling of these regulations, including the identification of an acceptable level of risk, the development of cyber resilience skills and the implementation of secure design solutions.
Attacks are becoming increasingly sophisticated through the use of artificial intelligence and machine learning, as well as investments in automation. 60 % of the malware discovered in Europe used the form of a vulnerability scanner. Botnets such as Echobot have made progress in automation and have massively improved their distribution options. These are also known to spread through IoT attacks. The botnet uses infected devices to scan and infect the network for other devices.
2020 Global Threat comes from global log events that identify attacks based on type or quantity. In contrast to the raw volume of log data or network traffic, the use of validated information records the actual number of attacks more precisely. Without an adequate categorization of the attacks, the disproportionately large data volume from network traffic monitoring,authorized security scanning, which are monitored and recorded, would falsify the actual frequency of attacks. The inclusion of data and development centers provide a precise representation of the constantly evolving global threat landscape.
Although the number of attacks has increased in all branches of industry in the past year, the technology sector as well as the manufacturing industry are most affected by cyber attacks. The technology sector ranks first in the list of attack targets with 50 % of all attacks.