IBM Security (NYSE: IBM) has released its 2022 X Force Threat Intelligence Index, which reveals the UK was the most targetted country in Europe when it came to cyberattacks. The UK’s energy industry was the country’s top target for cyberattacks, accounting for 24 per cent of all incidents, followed by manufacturing and financial services, which each received 19 per cent of attacks. Germany and Italy filled out the remaining spots in the top three most attacked countries in Europe, according to the report.
The study comes amid intense pressure on the UK’s energy and manufacturing sectors, with the energy regulator preparing to increase its cap on prices by over 50 per cent in April, and ongoing supply chain challenges. With the cost of cyberattacks trickling down to consumers, the findings highlight the urgent need for robust cyber resiliency in the nation’s critical industries.
The UK has been stepping up its efforts to meet the security challenge, with the government recently publishing the National Cyber Strategy and Government Cyber Security Strategy 2022-2030, as well as proposing amendments to the Network and Information Systems (NIS) Regulations to improve the cyber resilience of UK businesses. The Government’s latest Annual Cyber Sector Report also showed record investment in the cybersecurity sector last year, with revenues exceeding £10billion.
Laurance Dine, Global Partner, X-Force Incident Response, IBM, said, “Cybercriminals worldwide are becoming increasingly resilient, resourceful, and stealthy in their pursuit of critical data. In Europe, we saw adversaries overwhelmingly exploiting unpatched vulnerabilities to infiltrate victim environments in 2021, highlighting the importance of adopting a Zero Trust approach to security. Businesses must start operating under the assumption of compromise, putting the proper controls in place to defend their environment and protect critical data.
“In the UK, critical industries such as energy, manufacturing and finance are key targets for cybercriminals, underlining the importance of the government’s National Cyber Security Strategy to ensure the economy remains resilient in our fast-moving digital world.”
The 2022 IBM Security X Force Threat Intelligence Index found:
Ransomware’s Reign is Far from Over
This notorious attack, which typically “locks” a computer system until a sum of money is paid, has accounted for more than one in five cyberattacks worldwide (15 per cent in the UK). Other findings include:
- The REvil ransomware group was responsible for 37 per cent of all ransomware attacks X-Force observed in 2021.
- Data theft was the most common attack type in the UK during 2021, making up 31 per cent of incidents.
- Phishing was overwhelmingly the top infection method used against UK businesses in 2021, leading to 63 per cent of incidents.
Businesses Remain Vulnerable to Attacks
Vulnerability exploitation, a term used to describe a threat actor taking advantage of an unpatched flaw or weakness in an IT system, remains a top challenge for– in fact:
- The number of network compromises caused by vulnerability exploitation rose 33 per cent in a year.
- Vulnerability exploitation was the cause of 44 per cent of ransomware attacks
- In Europe, 46 per cent of cyberattacks were caused by vulnerability exploitation.
“Manu-fractured” Supply Chains
- Manufacturing was the most attacked industry globally in 2021, with ransomware persisting as the main culprit, representing 23 per cent of attacks.
- In the UK, energy was the top-attacked industry, with 24 per cent of incidents, followed by manufacturing and finance and insurance, each receiving 19per cent of attacks.
Commenting on the findings, Simon Hepburn, CEO, UK Cyber Security Council said: “IBM Security’s latest research highlights the constantly evolving nature of the global cyber threat, as adversaries seize on new vulnerabilities created by digital transformation. With the UK’s critical industries under constant threat, it’s imperative that the UK rapidly expands its professional cyber security workforce by investing in training and professional development opportunities. Providing pathways for people to enter the profession as career changers or graduates, as well as ensuring people from all backgrounds have access to opportunities, will be key to achieving this.”
Julian David, Chief Executive Officer, techUK said, “The IBM Security X-Force Threat Intelligence Index highlights the developing cyber threats we face globally, with ransomware continuing to grow as the go-to attack method for cyber-criminals. Clear growth in attacks across all sectors – notably manufacturing and energy – and the fact the UK is now one of the most targeted countries in Europe, the second-most targeted region globally, should harden all organisations’ resolve to strengthen their cyber resilience. Fortunately, the UK has a world-leading cyber industry and a clear longstanding National Strategy which stands ready to offer further support across the country. At techUK we have 250 member companies working to address this threat and reports such as this are important in highlighting where we need to direct our efforts.”
The Charter Of Trust, a global initiative aimed at advancing security standards and cross-sector collaboration in cybersecurity, welcomed the report, stating: “With IBM revealing that nearly half of cyberattacks observed in Europe were caused by vulnerability exploitation last year, it’s more important than ever that industry and policy strengthen their threat information sharing ecosystem, increase standardisation, and combine know-how to evolve and enhance organisations’ defences against new cyber threats.”
The annual report from IBM Security X-Force, which maps the latest security trends and attack patterns, analysed global data ranging from network and endpoint detection devices, incident response (IR) engagements, and phishing kit tracking, from January to December 2021.