U.K. organizations are facing increasingly motivated threat actors armed with an arsenal of tools and tactics. From remote exploits and commodity malware to phishing, business email compromise and hands-on-keyboard attacks, the risks have never been greater.
Small and medium-sized businesses (SMBs) are particularly vulnerable with more limited cybersecurity staff and budget compared to enterprises. The result can be a stressed security posture unable to keep pace with the expanding threat surface.
Today's modern security solutions must address the entire threat surface including endpoints, network, cloud, logs and insider threats.
This in-depth U.K-focused report delivers key observations on how:
- MalDocs and phishing rank evenly as attack techniques responsible for the highest number of serious incidents observed
- Threat actors initiate attacks with business-related MalDoc lures masquerading as invoices, quotes, purchase orders, shipping documents and RFPs
- The most effective phishing lures relate to particular cloud sites and services, with Office 365 phishing becoming more sophisticated and including automated bespoke branding to match the target
- Business email compromise attacks, including account takeover and impersonation, threaten to evolve into more sophisticated cultural engineering incidents
- Ransomware attacks have transitioned from opportunistic nuisance to aggressive, well-planned and multi-faceted extortion