Cybercrime in Canada Spikes
By Dhruva Suthar | Director of Security, IBM Canada
February 22, 2023

2023 IBM Security X-Force Threat Index identifies top targets

With the release of IBM Security’s annual X-Force Threat Intelligence Index, it is evident the global cybercrime rampage is rapidly gaining traction. Disruption from the lingering pandemic and the war in Ukraine, in addition to other global events, has created a level of chaos that cybercriminals love to exploit to infiltrate governments, organizations and systems around the world.

The IBM Security X-Force Threat Intelligence Index tracks new and existing trends and attack patterns – pulling from billions of data points from network and endpoint devices, incident response engagements and other sources.

Canadian findings in the 2023 IBM Security X-Force Threat Index

Energy under pressure

  • Energy and utilities firms rose to the top of the victim list in Canada, constituting 60% of all attacks responded to by IBM X-Force in 2022 (up from 21% last year). This was followed by finance and insurance at 20%, while retail and government cases accounted for 10% each.
  • The energy industry has recently come under intense pressure due to a variety of global forces – particularly those exacerbated by current geopolitical tensions and economic uncertainty – which has affected an already tumultuous global energy trade. Attackers wagered on this instability.

Financial Services are still a prime target

  • Finance and insurance was Canada’s second most attacked industry, representing 20% of attacks last year (up from 16% the previous year).
  • Finance and insurance organizations tend to be further along in both digital transformation and cloud adoption than other industries. As a result, attackers may need to work harder to successfully execute attacks against these organizations.

Retail is facing more threats

  • In Canada, retail has emerged as the third most attacked industry, accounting for 10% of all attacks IBM X-Force remediated in 2022. Globally, it was the fifth most targeted industry, accounting for 8.7% of all attacks.
  • These findings shed light on the growing threat to the retail and wholesale sector, which is an attractive target for cyber attackers due to its large amounts of sensitive information and financial transactions, its reliance on a complex supply chain network, and the potential for significant reputational damage.

More IBM Security X-Force insights on Canadian cybercrime

High psychological impact: Cybercriminals are targeting industries with little to no tolerance for downtime, such as utilities, manufacturing and banking, to force victims to pay. This was the top impact observed globally in 2022 – more than one quarter of all attacks involved extortion. The latest extortion scheme turns customers and business partners into pawns.

Stolen usernames and passwords: In Canada, credential harvesting took the pole position with 67% of incidents that X-Force remediated (compared to 11% globally). A third of them (33%) resulted in botnet (malware) infections of networks. Overall, X-Force saw threat actors use spearphishing links and exploitation of public-facing applications in equal proportion to gain initial access. Botnets, ransomware, and deployment of recon/scanning tools were the three top actions on objectives observed in incidents in Canada.

IBM Security recommendations

  1. Stop blaming the user. Attackers rely on the fact people are innately curious and inclined to click on links. The report shows that it’s a strategy that works – with 41% of incidents starting from a phishing email. The default industry setting is to blame the user – that needs to change. The focus should be on rolling out the right technology to protect users from falling victim.
  2. Accelerate your response. It’s no longer a question of whether an adversary will get in – it’s a question of when. Successfully responding to a breach is all about speed and limiting the window of access and damage to your environment. How your team responds in the critical moment can make all the difference in the amount of time and money lost in a response.
  3. Employ endpoint or extended detection & response technologies. The rise in backdoor cases points to some success in catching infections earlier. Endpoint and extended detection and response technologies provide the means to identify and mitigate threats before adversaries take more dangerous actions.
  4. Shift your mindset. You have to think like an attacker and understand how they operate. Adversary simulations and threat hunting can help businesses outsmart cybercriminals.
  5. Know your attack surface. One third of attackable assets on organizations’ networks are unmanaged or unknown, offering easy targets for attackers and risking unintended data exposure. You need to think like an attacker, discover where you’re exposed and the ways an attacker could get in with least detection.
  6. Challenge assumptions. Today, you have to assume compromise. Perform regular offensive testing including threat hunting, penetration testing, and objective-based red teaming to detect or validate opportunistic attack paths into your environment.
  7. Build an adaptable, threat-driven security strategy. There is no single, out-of-the-box solution to protecting businesses today. Attackers are constantly innovating and evolving techniques to evade detection – cyber strategies should be just as flexible. Buy the tools, build the plan, but then test it, learn from what you find, and adapt regularly to consider the rapidly evolving threat landscape.

Staying Ahead of the Curve 

With data breaches costing Canadian companies CA$7.05 million per incident on average (an all-time high), the financial stakes are greater than ever; not to mention the erosion of trust that comes with theft of private data. Government and businesses must stay ahead of the curve if they are going to thwart cybercriminals who are more incentivized than ever to exploit vulnerabilities.

 
