CYBER ATTACKS ANALYSIS: WHAT IT IS AND HOW IT WORKS
When we started this research in 2011, our aim was to raise awareness and improve understanding of cyber threats.
At the time, “cyber” risks were not even considered in the World Economic Forum’s Global Risk Report, in which they were only introduced in 2015, and communicating the urgency of dealing with IT security was complex in the absence of quantitative data able to illustrate the problem and its evolution over time.
If 11 years ago, however, the situation could have seemed worrying to us, at this point it is no longer a mystery that we are in full emergency and that no one can consider themselves safe from cyber attacks.
So let’s see how our classification of cyber attacks works.
In over 10 years, the analysis and classification of cyber attacks has greatly evolved.
The methodology used has been refined and updated over time, both from the point of view of the number and quality of the sources, and the quantity of variables to describe the different phenomena and the taxonomies used to classify the data, completely revised to comply with what as much as possible to internationally recognized standards.
The classification system of the product sectors adopted to map the victims of cyber attacks is derived from the ISIC (International Standard Industrial Classification of All Economic Activities) of the United Nations and from the NACE (Nomenclature statistique des activités économiques dans la Communauté Européenne) of the European Commission. , from which also the Italian ATECO Codes derive.
Our classification of victims has obviously been adapted to also include the types of cyber attack targets excluded by the previous standards and includes a total of 20 product categories and 141 sub-categories.
THE ATTACK TECHNIQUES
The classification of attack techniques is derived from the MITRE ATT&CK®, the Threat Taxonomy of ENISA (European Union Agency for Cybersecurity), the Open Threat Taxonomy and several other frameworks.
It includes 8 macro-categories and 59 sub-categories.
The classification of the attackers derives from our experience in the field and represents a mapping between the main families of “bad actors” and the reasons for the attacks observed in over 10 years of investigations.
It includes 4 macro-categories and 13 sub-categories.
Since 2017 we have introduced an index of the severity of the analyzed attacks, classifying them on the basis of increasing levels, which allows us to carry out an analysis of the different impacts caused by the various IT incidents and to offer interesting information to both companies and institutions.
In 11 years, we have identified, classified and evaluated over 14,000 cyber attacks (on average more than 100 per month).
Of these, 7,144 occurred in the last 4 years, from 2018 to 2021 (of which 2,049 in the last year alone), demonstrating an impressive acceleration in the frequency and severity of cyber threats.
The sample includes successful cyber attacks that have become public.
This allows us to photograph the situation of the threats that have managed to overcome the defenses in the field and that have also had reputational repercussions, in addition to further economic, technological and often even legal damage.
On the other hand, our sample is necessarily partial in that some attacks never become public domain, or the victims manage not to advertise them (unless forced by circumstances or by regulatory obligations), or due to their nature they emerge more difficult (this is the case of cyber espionage and information warfare activities, certainly underrepresented compared to cybercrime and hacktivism).
It is therefore plausible to assume that the scenario depicted by the analysis of cyber attacks is even less critical than the situation on the ground.
Another reason to continue to evolve this analysis and use this data strategically.
Contact us for more details and see a sample of our data on our Dashboard!