A recently published Trustwave report looking at cybercrime globally found that far and away the most common environment breached is corporate and internal IT networks (54%), followed by ecommerce (22%) and the cloud (20%). In the thousands of incidents studied, the report found that 50% of breaches across all environments stemmed from phishing and social engineering.
At a time when corporate IT networks are under unprecedented strain due to remote work and an accelerated shift to the cloud, this data suggests that networks will be under even greater attack this year. Hackers target corporate networks more often because many are seen as soft targets. Meanwhile, many companies neglected security during the good times, prioritizing growth and cost-cutting instead. This includes not investing sufficiently in improving the security of the IT network. These companies, which are generally less well managed, were not well prepared for the crisis. As a result, companies with poor cyber governance, those Cyberhedge rates as 1-Star, are proving less resilient in the face of COVID‑19 shocks and are underperforming broader equity benchmarks in the US and Europe.
Crises serve to exacerbate pre-existing weaknesses of companies, and COVID‑19 is no different. The problem for companies that neglected IT network security during the good times is that they now have fewer resources to allocate towards addressing their cyber security weaknesses in the short term. This is especially true for sectors like retail, which Trustwave indicates was the most popular target industry and largest source of breaches globally by a wide margin: 24% of total compromises documented versus finance and insurance at 14% of the total.