Since 2014 cybercrime rates have been on a steep trajectory, rising in both frequency and complexity. In the two years since big-name retail giants set records with massive security breaches, businesses have been scrambling to better understand what their unique risk profile looks like and how they can defend against cyber-attacks. Today’s reality is that every business, regardless of scope, scale or industry is at risk. Whether it’s personally identifiable information (PII), merger and acquisition data, or client records, all businesses house sensitive data that cybercriminals covet. In the space of two years - not surprisingly - small and mid-sized organizations have become a popular attack target.

As part of our own industry profiling initiatives, eSentire commissioned a study analyzing its own data of all incidents actioned by its Security Operations Center (SOC) from January 2014 to January 2016. What the study reveals is that contrary to popular opinion (driven mostly by mainstream media), the greatest risk facing mid-sized enterprise isn’t coming from sophisticated, targeted threats. The most common vectors affecting organizations in the small to mid-size space are rudimentary, unsophisticated attacks.

The report highlights:

  • The difference between threat actors and attack vectors;
  • A breakdown of commonly actioned threats (by volume and frequency);
  • Attack vector predictions.