Attacks on critical infrastructure and industry supply chains and cryptomining represent some of the biggest threats facing organizations today, according to Accenture.
The firm’s latest Cyber Threatscape Report claimed CNI is an increasingly high value target for cyber-criminals and nation state actors alike, while a wide range of attackers will continue to focus on supply chains as a weak link in the corporate security chain.
“Third- and fourth-party environments provide adversaries with an entry point, even in verticals with mature cybersecurity standards, frameworks, and regulations,” the report noted. “Recent campaigns highlight the challenges of combatting weaponized software updates, pre-packaged devices, and supplier ecosystems as they fall outside the control of victim organizations.”
The consulting giant also pointed to a “radical shift” in the use of cryptocurrency mining malware targeting alternative coins like Monero, a trend likely to continue well into 2019.
The report highlighted a growing cyber-threat from Iran and APT groups using the same TTPs as espionage campaigns but for money-making ventures. The infamous Cobalt Group and Fin7 are just two examples.
While not earth-shattering, the report’s findings back-up many of the trends other industry experts and vendors have highlighted in the past. The NCSC has warned of supply chain attacks this year and increasingly brazen Russian attacks on UK critical national infrastructure in the energy, telecoms, media and other sectors.
A report in July from Check Point revealed cryptomining malware detections more than doubled from the second half of 2017 to the first six months of this year.
In response to these emerging threats, organizations must get more proactive in their thinking about business risk, according to Accenture Security managing director, Josh Ray.
“Learning from previous incidents and understanding what is coming next based on timely and actionable threat intelligence is key to keeping data and systems safe,” he said.
However, a survey from Accenture earlier this year found that 71% of CISOs interviewed believe cyber-threats are still a “bit of a black box; we do not quite know how or when they will affect our organization.”
Further, it found that only 13% of organizations think about future threats when drawing up their security budgets.