Prioritisation remains a challenge for development teams

testing application security for fixing high risk vulnerabilities.

Web application attacks move up the stack for profit, access, and influence. Attacks double and expose dormant threats

in older software.

Surge in vulnerabilities shows weaponisation for use in adversarial campaigns and automated tooling.

Credential theft hands over the keys to the kingdom: data, applications, and

cloud infrastructure targeted.

Cryptojacking ‘compute to cash’ criminality catches

multiple sectors off-guard and at times accounts for more detections than all other

malware combined.

of all hostile activity falls into four categories:• web attacks• reconnaissance• service-specific attacks• brute-force attacks

73%

Compliance, data protection and privacy regulation creates

complexity and opportunity.

Cybersecurity insights from the inside

Executive Guide to the NTT Security 2019 Global Threat Intelligence Report

Insights driven by data

Leaders are increasingly savvy

about building long-term cybersecurity roadmaps.

Maturity is lacking… ambitions outpace

preparedness.

Cybersecurity is transformed by strategic

relationships and the threat landscape continues to evolve…

2018 marked a record year for new vulnerabilities BUT cybersecurity maturity has a way to go.

What kind of attacks?

Growth in vulnerabilities discovered compared to 2017Source: CVE Details 2018 Source: WhiteHat Security

Time-to-fix vulnerabilities by risk level

2016 2017 20180

2,000

8,000

14,000

18,000

16,000

12,000

10,000

6,000

4,000

20,000

5,447

14,714

16,555

Time-to-fix by risk level

Critical 129days

195days

178days

216days

203days

High

Medium

Low

Note

All others27%

Web attacks32%

Reconnaissance16%Service-specific

attacks13%

Brute-forceattacks12%

Targeted and prepared

Although attack targeting increased, there’s enhanced appetite to invest strategically in driving cybersecurity defences.

All others 34%

9%

11%

12%

17%

17%

0% 5% 10% 15% 20% 25% 30% 35% 40%

Government

Education

Technology

Finance

Business and professional services

Education

Energy and utilities

Financial services

Healthcare

Manufacturing

Media and communication

Business and professional services

Government

Technology

Travel and transportation

0 1 2 3 4 5

1.21

1.10

1.03 2.07Current state

Future state

1.45 1.67

1.37 1.91

1.31 2.07

1.52 1.78

1.66

1.11

1.82

2.40

1.60 2.81

2.81

3.01

3.10

3.12

3.28

3.38

3.30

3.48

3.51

1.71

1.71 1.30

regulations and

legislation

business strategy and

alignment

risk appetite

threat profile industry competition culture

Factors that influence investment decisions

Cybersecurity requires strong leadership and business alignment to drive change

Global industry attack targets Global industry maturity levels

of all attacks originated from IP addresses within the US and China.

• Economic powerhouses’ infrastructure is being used as a launchpad for attacks.

• An attack source’s IP address does not always reflect the attacker’s location.

35% US22%

China13%

Japan6%

France5%

The Netherlands5%

All others49%

Where do attacks come from?

What does the future hold?

How can we help?

Global

MEA

Europe

Americas

APAC

Australia

0 1 2 3 4 5

Current state

Future state

1.45 1.85 3.30

3.60

2.90

3.56

3.20

3.41

1.77 1.83

1.42 1.48

1.21 2.35

1.45 1.75

1.64 1.77

Globally, organisations are less than half way to their desired future state. The Americas and Europe both fall significantly behind the global benchmark.

In terms of future cybersecurity maturity ambitions, MEA rates the highest, slightly ahead of the Americas.

Global Threat Intelligence Report

Ambitions outpace preparedness

Global attack and incident response data gathered from NTT Security and NTT operating companies and research sources.

security clients

Cybersecurity Advisory

Managed Security Services

We formulate processes and policies using empirical evidence and benchmarking to

make practical recommendations.

We offer consistent services to manage and optimise your security

infrastructure.

research and development centres

10,000

07

Security Operations Centres10

trillion logs analysed6.1+

Subscribe to our Emerging Threat Advisory Service

Dimension Data’s Threat and Vulnerability Advisory Service provides you with visibility of vulnerabilities that are being actively exploited across the

world, sourced from our real-time threat management platforms.

Join the conversation

#globalthreatreport

Linkedin Dimension Data

@Dimensiondata

www.dimensiondata.com/globalthreatreport

Global maturity levels by region