Cyberattackers targeted the UK more than another other country in Europe in 2021, according to new research by IBM.
The IBM 2022 X Force Threat Intelligence Index also revealed that the UK energy, manufacturing and financial services industries are attracting the most cyberattacks. The energy sector saw 24 percent of all UK cyberattacks in 2021, followed by manufacturing and financial services with 19 percent each.
The study comes amid pressure on the UK’s energy and manufacturing sectors, with the energy regulator preparing to increase its cap on prices by more than 50 percent in April, and ongoing supply chain challenges. With the cost of cyberattacks trickling down to consumers, IBM noted that the findings highlight the urgent need for robust cyber resiliency in the nation’s critical industries.
Data theft was the most common attack type in the UK during 2021, making up 31 percent of incidents – though ransomware was top globally, with 21 percent of attacks.
Phishing was overwhelmingly the top infection method used against UK businesses in 2021, leading to 63 percent of incidents.
The report comes as the UK government steps up its efforts on cybercrime, recently publishing its Government Cyber Security Strategy 2022-2030 and proposing tougher new UK laws to strengthen cyber resilience, with the recent Annual Cyber Sector Report showing record investment in the industry.
“Cybercriminals worldwide are becoming increasingly resilient, resourceful, and stealthy in their pursuit of critical data,” said Laurance Dine, global partner, X-Force Incident Response, IBM.
“In Europe, we saw adversaries overwhelmingly exploiting unpatched vulnerabilities to infiltrate victim environments in 2021, highlighting the importance of adopting a Zero Trust approach to security. Businesses must start operating under the assumption of compromise, putting the proper controls in place to defend their environment and protect critical data.
“In the UK, critical industries such as energy, manufacturing and finance are key targets for cybercriminals, underlining the importance of the government’s National Cyber Security Strategy to ensure the economy remains resilient in our fast-moving digital world.”
Vulnerability exploitation
Other findings include:
- The REvil ransomware group was responsible for 37 percent of all ransomware attacks X-Force
- observed in 2021.
- Data theft was the most common attack type in the UK during 2021, making up 31 percent of incidents.
- Phishing was overwhelmingly the top infection method used against UK businesses in 2021, leading to 63 percent of incidents.
Vulnerability exploitation, a term used to describe a threat actor taking advantage of an unpatched flaw or weakness in an IT system, remains a top challenge. The number of network compromises caused by vulnerability exploitation rose 33 percent in a year. Vulnerability exploitation was the cause of 44 percent of ransomware attacks. In Europe, 46 percent of cyberattacks were caused by vulnerability exploitation.
Manufacturing was the most attacked industry globally in 2021, with ransomware persisting as the main culprit, representing 23 percent of attacks.