SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
Dark web
#
Email Security

Trustwave report highlights severe cybersecurity threats to pro firms

Thu, 27th Jun 2024
Author image
By Imee Dequito, Editor

Trustwave, a cybersecurity and managed security services provider, has released a report entitled "2024 Professional Services Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies." The report investigates the rise of ransomware, third-party supplier exposure, and technology-based attacks targeting professional services firms.

The professional services sector, which includes consulting, accounting, legal, and other business services, has been identified as a prime target for threat actors due to the sensitive nature of the data these firms possess. This data, including intellectual property, legal documents, and client personally identifiable information (PII), is highly valuable and can be sold on the Dark Web or used to launch further attacks.

Kory Daniels, Chief Information and Security Officer at Trustwave, stated, "Across today's B2B and B2C vendor supply chains, a cybersecurity breach for professional services firms isn't just an inconvenience, it can be catastrophic.

"The financial losses from recovery, legal fees, and potential fines are just the tip of the iceberg. The severe reputational damage can erode years of client trust and stall future business. Operational disruptions, employee stress, and increased regulatory scrutiny further compound these challenges. This is why robust cybersecurity is no longer optional, it's a critical priority for these information-rich firms."

The recent research by Trustwave SpiderLabs reveals the attack methodologies employed by threat groups, highlighting their tactics, techniques, and procedures. Professional services firms face a unique cybersecurity challenge due to complex vendor ecosystems, regulatory burdens, and the high value of their data.

The report analyses the threat groups and their methods throughout the attack cycle, from the initial foothold to data exfiltration. By examining the cybersecurity challenges across different professional service fields, including legal services, consulting, and accounting, the report underscores the sector's vulnerabilities.

According to the findings, law firms are the most vulnerable within the professional services sector, accounting for 46 per cent of ransomware incidents. Phishing remains a significant threat, responsible for 93 per cent of the initial access gained by attackers. A deeper dive into the report shows that 20 per cent of ransomware attacks in the professional services industry were perpetrated by the ALPHV group, while LockBit 3.0 and 8Base were behind 19 per cent and 18 per cent of attacks, respectively.

The report emphasises the necessity for professional services firms to adopt robust cybersecurity measures urgently. Given the high incidence rate of attacks, firms must prioritise their cybersecurity strategies to protect sensitive data and maintain operational integrity amidst the evolving threat landscape.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Why the answer to AI threats is not more AI
NetApp launches AI-driven ransomware protection for businesses
SentinelLabs report exposes ransomware strategy of APT groups
BlackBerry cyber report reveals 3.1 million attacks in Q1 2024
Adlumin enhances ransomware prevention with new exfiltration tool
Top stories
Equativ appoints Rueben Vijaratnam as new MD for South-East Asia
Runtime security challenges for geo-distributed businesses
Bitdefender & Netgear report reveals major IoT vulnerabilities
Aqua Security finds critical data exposures in SCM systems
Survey shows 76% of firms boost cyber defences for insurance