Our site uses cookies to make it work and to help us give you the best possible user experience. By using our site, you agree to our use of cookies. To find out more about cookies and how you can disable them, please read our cookies statement. 

Cookie Settings

You can manage your cookie settings by turning cookies on and off.

Click on the different cookie  headings to find out more about the types of cookies we use on this site and to change your settings. Please be aware that if you choose to turn off  cookies, certain areas of our site may not work and your browsing experience may be impacted.

For further information on how we use cookies, please see our cookies statement. 

Strictly Necessary Cookies


These cookies are essential for the technical operation of and proper functioning of our site  and enable you to register and login, to easily move around our site, and to access secure areas. Without these cookies our site won't function properly.  

These cookies are required

Performance Cookies

Performance cookies allow us to collect aggregated and anonymous data on how our site is used, such as the number of visitors to our site, how you navigate around and the time spent on our site and also to identify any errors in functionality. These cookies also help us to improve the way our site works by ensuring that you can find what you’re looking for easily, to better understand what you are interested in and to measure the effectiveness of the content of our site. 

Marketing Cookies

These cookies allow us to advertise our products to you and allow us to pass this information on to our trusted third parties so that they can advertise our products to you on our behalf. All information these cookies collect is aggregated and therefore anonymous. No personal information is shared to third parties. Any personal information collected while using our website could be used for direct marketing from Dimension Data only.

2017 Global Threat Intelligence Report

We recently published the Executive’s Guide to the 2017 Global Threat Intelligence Report. The Report provides insights on the current cybersecurity landscape which we’ve gathered by continuously monitoring our clients’ security estates, over the past year.

This year’s Report unveils some interesting – and concerning – trends and developments. Here are my top five:

1. Cybercriminals are increasingly setting their sights on the government sector

Our analysis reveals that cyber attacks on the government sector doubled in 2016, hiking to 14% from 7% of all cybersecurity attacks in 2015.

Governments all over the world are constantly under the threat of sophisticated attacks launched by rival nation-states, terrorist groups, hacktivists, and cyber criminals. That’s because government agencies hold vast amounts of sensitive information – from personnel records, budgetary data, and sensitive communications, to intelligence findings. What’s interesting is that this year we saw numerous incidents involving insider threats.

We believe that a number of global geo-political events could have contributed to the government sector being a cybersecurity attack target. These include:

  • the US presidential election campaign
  • a new US administration with a more aggressive stance toward China and North Korea
  • China adopting a more aggressive policy stance in securing its vital ‘core interests’
  • US and European Union-led economic sanctions against Russia
  • Russian state-sponsored actors continuing cyber operations against Western targets
  • growing negative sentiment in the Middle East against the West’s aggression towards Syria

2. Attacks on the finance sector are also on the rise

Attacks on the finance sector also rose dramatically, accounting for 14% of all attacks in 2016, compared to just 3% in 2015.

The ongoing and increasing attacks in the financial services industry come as no surprise. Cybercriminals follow the money. In addition, these organisations have large amounts of digital assets and sensitive customer data. Gaining access to them enables cybercriminals to monetise personally identifiable information and credit card data in the underground economy.

3. The US is still the major source of cyber attacks

Of all attacks detected in 2016, 63% originated from IP addresses in the US.

While this is slightly lower than the 2015 figure (65%), the US has consistently been the major source of hostile activity for the last few years.

Our research suggests that the US is the predominant location of cloud-hosted infrastructure globally. The market is highly concentrated, competitive, and mature which makes cloud-based service offerings more cost-effective in the country.

Clouds by their very nature are designed to be scalable, flexible, and reliable. Threat actors often utilise public cloud to orchestrate attacks due to the relatively low cost and stability of this infrastructure. This creates the perfect environment for adversaries to leverage in order to conduct cyber attack campaigns.

4. The UK is the number one source of non-US based attacks for the second consecutive year

Attacks from addresses based in the UK accounted for 4% of all attacks, compared to 5% in 2015. China was the source of the third-largest number of attacks (3%), up from fourth position in 2015 (4%).

The top five attack source countries accounted for 75% of all identified attacks in 2016.

The UK, France, and Norway have historically been considered ‘first world’ countries.  Technology dependence has seen mass adoption of infrastructure and rapid deployment of emerging technologies, such as Internet of Things (IoT) devices.

China and Russia, which round out the remaining top five positions, were once considered –‘second world’ countries based on political and economic divisions. Interestingly, the global media tends to report on these sources as propagating significant malicious activity in comparison to other countries. Collectively, they make up less than 15% of attacks globally.

5. Denial-of-service (DoS) or distributed-denial-of-service (DDoS) attacks are on the increase

In 2016, we saw a marked rise in DoS or DDoS attacks (6%), up from 3% in 2015. Interestingly however, DDoS attacks accounted for over 16% of all attacks from Asia, and 23% of all attacks from Australia.

Our research identified that this upswing was related to the proliferation of Internet-connected IoT devices that lack sufficient security controls. Non-secure default configurations, weak passwords, and a lack of patch management and vendor accountability continue to be cause for concern.

For more insights and analysis of the global cyber threat landscape, download the Executive’s Guide to the 2017 Global Threat Intelligence Report or listen to webinar here

Previous Article: Get ready for a digital retail revolution by knowing what your customers want Next Article: Why incident response is high on the executive agenda

You may be interested in

Man working on computers

Protect your data from the inevitable ransomware attack

To cope with this new kind of threat, your backup and recovery strategy needs to adapt.

Read blog
Rocky ocean

What I learned from hacking the Winter Olympics

I used to think that technology was the answer to all security questions, but my experience post 9/11 taught me that governance should always be the starting point for security discussions.

Read blog

The two-way conversation you need to have with your CEO on cybersecurity

With cyberattacks featuring regularly in mainstream news, it’s good to see that Boards and CEOs are becoming more cybersecurity conscious.

Read blog

Balancing risk and innovation

There’s no question that digital is the way forward. It offers tremendous benefits to your business: faster speed to market, more business intelligence and improved customer relationships.

Read blog