Obrela releases its Digital Universe Study every quarter, which is a roundup of the attacks targeting our customers from the last three months.
The study runs a comparison against the previous quarter and the same quarter of the prior year to understand how attacker techniques are changing, which industries are facing the most attacks, and what within the technology stack is being targeted most frequently.
Highlights from our Q3 data reveals:
- Oil and gas organizations saw an 84 per cent increase in attacks targeting their cloud environments in Q3 2021 versus Q2 2021
- Banking and finance organizations saw a 60 per cent increase in attacks targeting their cloud environments in Q3 2021 versus Q2 2021
- Healthcare organizations saw a 30 per cent increase in attacks targeting their IT infrastructure in Q3 2021 versus Q2 2021
- Food and beverage organizations saw a 93 per cent increase in attacks targeting their endpoints and users in Q3 2021 versus Q2 2021
- When comparing attack data from Q3 2021 to Q3 2020, the construction industry was one of the hardest hit:
- The data highlights a 317 per cent increase in attacks on their IT infrastructure, a 74 per cent increase in attacks on their endpoints and users and an 85 per cent increase in attacks on their cloud environments.
Putting the numbers into perspective
When it comes to attack data, Q3 is generally one of the quietest times, and this generally points to the fact that seasonal factors, like summer holidays, impact the attack landscape.
However, our data shows that there is still a lot of threat activity during the summer months, so it is not a time to get complacent.
One of the most noticeable findings from our Q3 data is the increase in attacks on the construction industry. This could be down to the easing of COVID restrictions and because many construction projects were put on hold last year. It also points to the fact that attackers continue to ‘go where the money is’. When construction projects stopped, attackers no longer saw the sector as a lucrative target, but as work started to pick up again, so did cyberattack activity.
Once again, we also saw oil and gas hit hard, with an 84 per cent increase in attacks on their cloud environments. It has only been recently that industrial organizations have started to migrate to the cloud, and as more organizations leap, we can expect to see more attacks.
The good news is that operational technology (OT) attacks in oil and gas did decline in Q3, with a 91% drop compared to the previous quarter. However, this is unlikely to be a trend, given that OT presents one of the most frequently used attack paths into industrial organizations.
When it comes to protecting against today’s cyberattacks, organizations must take a risk-based approach to their security defenses and always focus on resilience. What is the worst-case scenario for you? What are you doing to protect against it? Once you have identified that worst-case situation, please put all your efforts into hardening your systems to minimize the damage it could create.
Regardless of where attacks are coming from or where they are targeting your technology stack, resilience should always be the focus. Harden systems, think about risks, and most importantly, never let your guard down.