Skip to content ↓ | Skip to navigation ↓

According to a recent report, 77 percent of all detected ransomware targeted four industries, with the business and professional services sector being hit the hardest.

The 2017 Global Threat Intelligence Report by NTT Security analyzed log, event, attack, incident and vulnerability data from over 3.5 trillion logs over the course of one year to identify trends in today’s threats.

The report found the following four sectors were among the top ransomware targets globally: business and professional services (28 percent), government (19 percent), healthcare (15 percent) and retail (15 percent).

Furthermore, NTT Security notes that while technical attacks on the latest vulnerabilities tend to dominate the media, many attacks relied on less technical means.

For example, phishing attacks were responsible for nearly three-quarters (73 percent) of all malware that infected organizations, with government (65 percent) and business and professional services (25 percent) once again as the top targets.

Meanwhile, the United States (41 percent), the Netherlands (38 percent) and France (5 percent) ranked as the top three sources of phishing attacks.

Additional key findings from the report included:

  • 32 percent of organizations globally have an incident response plan.
  • Healthcare was the top sector supported for incident response (17 percent), followed by finance (16 percent).
  • Top incident response engagement types were ransomware (22 percent), breach investigation (22 percent) and malware (18 percent).
  • Finance was the most commonly attacked industry globally, subject to 14 percent of all attacks.

“We identified more than six billion attempted attacks over the 12-month period – that’s around 16 million attacks a day – and monitored threat actors using nearly every type of attack,” explained Steven Bullitt, Vice President Threat Intelligence & Incident Response at NTT Security, in a press release.

“Our end goal is not to create fear, uncertainty and doubt or to overcomplicate the current state of the threat landscape, but to make cybersecurity interesting and inclusive for anyone facing the challenges of security attacks,” said Bullitt.