As governments and organizations standardize and harmonize their responses to better mitigate the increasing number of cyber-attacks, so do cybercriminals. In Europe, security decision-makers and businesses face similar attack techniques as their global counterparts. While the methodologies employed are identical because they all rely on the same digital technologies exploiting similar vulnerabilities, the motivations vary.
The threat actors can be distinguished into two major groups according to their motivation:
Both groups follow well-known pathways to initial compromise, such as exploiting unpatched vulnerabilities, credential theft, social engineering and phishing attacks, and deploying malware with a preference for ransomware attacks.
A Forrester report found that throughout 2022, CISOs in European organizations faced four threats that differed from the global trends.
State-sponsored attacks are a valid concern for European businesses, but organized crime is booming.
While Europe is not the key target of state-sponsored activities, security leaders must be aware of this problem. Africa, the Middle East and Turkey are most targeted by politically motivated actors, followed by Northern Europe. In Europe, organizations are predominantly plagued by financially driven threat actors located in Russia, Iran, and North Korea.
Organized cybercriminals have skilled up as cybercrime goes mainstream. With the cybercrime economy growing and becoming the third-largest global economy, criminal gangs are forming collectives to exchange knowledge and trade. Organized Crime as a Service is booming, taking several forms:
Overall, we witness an increased collaboration between cybercriminal gangs, more like Crime as a Business. Cybercriminals have specializations, like any business and teams, and work together to achieve objectives ranging from petty scams to espionage.
Forrester’s data highlights that 16% of European security decision-makers treat securing OT environments as a top tactical priority. At the same time, IBM reports a 2,204% increase in reconnaissance against OT systems.
State-sponsored affiliated actors, including Electrum, Magnallium, and Xenotime, increasingly target manufacturing organizations. These actors gain initial access using credential theft, exploiting cloud vulnerabilities and malware. However, the positive sign is that security decision-makers at organizations that had experienced disruption or data ransom were more likely to prioritize ICS or OT security.
Businesses need help to integrate threat intelligence into their security programs. However, threat intelligence feeds listing initial compromise indicators must be more comprehensive. European organizations must evaluate their threat intelligence program through three lenses: tactical, operational, and strategic. This is essential because, besides recognizing the attackers’ tactics, geography and politics are vital factors to consider when building cyber threat intelligence.
Therefore, businesses should base their threat intel program on four critical considerations:
Focusing on the OT domain, security begins with knowing your environment. Therefore, the first step is to identify all your intellectual property and where it resides and consider how you can protect it with consistent data security policies.
Once you have achieved the desired level of visibility, the next step is to encrypt your critical data and implement a data loss prevention (DLP) strategy. Leveraging specialized DLP software offers multiple benefits for organizations. Finally, you should use data classification capabilities and centralized policy management to simplify detection and policy enforcement.
However, cybersecurity is not only about processes. It is also about the people and technology in your organization. European organizations should prepare their people for the possibility of a successful attack. There are several steps you can take in this direction:
Fortra has long been known for helping organizations become more secure and autonomous. To increase security maturity and decrease operational burden, we must address technology-based and people-based vulnerabilities together. That means securing infrastructure and data, consistently improving people’s awareness of security risks, and supplementing their teams with additional security operations resources.
By doing this successfully, we will significantly increase an organization’s security maturity in the areas that account for 75% of all attacks with just one cybersecurity partner while decreasing their operational burden. Fortra offers a wide range of cybersecurity solutions to help European organizations effectively protect against the evolving threat landscape.
To dig more into the topic, understand in greater detail the Forrester survey findings and learn how Fortra can help you, you may watch the on demand webinar, “Cybersecurity Threats In Europe: What You Need to Know and What to Do About Them.”
Leave a Reply