Global Threat Intelligence

The publication of the annual study, Global Threat Intelligence Report 2020 by NTT, contains conclusions that we believe should be highlighted. The NTT report reveals that cybercriminals set their sights on tech companies in 2019 before the Covid-19 crisis redirected them towards remote workers. states the report.

More than half of attacks against this sector were application-specific (31%) or DoS/DDoS-type (25%), while weaponized attacks against the Internet of Things (IoT) have increased. The technology sector was previously the second most attacked sector in 2017 and 2018, with a ransomware activity rate of 9%, while no other sector recorded a ransomware detection rate above 4%. The tech industry also experienced the lowest application security detection rate, with an average of 12 serious vulnerabilities per web application.

The explanation for this interest lies, according to the NTT report, in the competitive advantages provided by technological advances. Technology is one of the fastest moving industries where small advances in research and development can easily lead to huge leaps in competitive advantage. Technology organizations spend significant amounts of economic and mental resources on the development of new tools, systems, services, and technical solutions.

Organizations in the technology industry often maintain large amounts of sensitive data. They tend to operate in a collaborative environment and are often gateways to other industries as they provide process and business improvement tools. Also, attackers who wish to acquire technology or reduce a competitive disadvantage often target these organizations to steal information such as technical secrets. They, therefore, present a promise of a very significant return on investment.
The observation is clear: 2 out of 3 companies are unable to analyze all the data they collect and only 1 out of 2 knows where all their sensitive data is stored.

In this period of awakening to the reality of the GDPR and the search for solutions to finally evolve towards compliance, a Gemalto study comes opportunely to throw oil on fire by recalling that data management is essential to all security procedures, whether they relate to the European Regulation or more simply to company data.

An alarming observation on the data

First of all, the study makes four alarming observations:

65% of companies are unable to analyze or categorize all the customer data they collect; and only 54% of companies know where all their sensitive data is stored.
68% of IT managers believe that their company does not carry out all procedures in accordance with data protection laws; yet 96% consider some of their data worthy of restricted access.
Since the time we have been saying it, the Gemalto study has once again confirmed it, our companies are far from the compliance required by the GDPR. And yet, while 89% of companies worldwide recognize that effective data analysis gives them a competitive advantage, only 28% in France claim to be able to achieve this…

Lack of trust in data security

Another still alarming observation is that our companies show very little confidence in the security of their data. For example, only 48% of IT managers consider perimeter security to be effective in preventing unauthorized users from connecting to their networks… which may translate to just over 1 in 2 companies doubting the protection of their networks!

In fact, 68% of them believe that unauthorized users can access their corporate networks. This figure compares with only 43% of IT managers who are extremely confident about the security of their data once hackers are inside.

In reality…
A certainly understated 27% say their company’s security perimeter has been breached in the past 12 months. And 76% of respondents globally, 68% in France, said their company reported their most recent data breach incident to local authorities.

Of the companies that were breached, only 10% of compromised data was protected with encryption, with the rest of the data remaining exposed. These latest figures are extremely worrying for European countries given the immediacy of the GDPR.