Once a target, always a target: If you're hit by hackers you're likely to be hit again

The number of organisations that have fallen victim to cyber-attackers only to fall victim a second time is on the up.
Written by Danny Palmer, Senior Writer

Video: Devising a winning cybersecurity strategy

If you're unlucky enough to fall victim to hackers, you're likely to fall victim to a similar cyber-attack or data breach in the months following the initial problem.

According to the newly-released FireEye M-Trends annual report for 2018, 56 percent of organisations that were targets of a significant attack in the last year and a half were targeted a second time in that period. That figure is up from 38 percent in 2013.

Almost half of those who fell victim to an additional attack (49 percent) were successfully attacked within the first 12 months following the initial incident and 86 percent of those who fell victim to additional 'significant' attacks were found to have more than one unique attacker active in their networks and systems.

While falling victim to repeated attacks is a problem for organisations around the world, those in the Asia-Pacific region are far more likely to succumb to this threat: FireEye found that 91 percent of APAC organisations fell victim to another attack, compared with 44 percent of organisations in the Americas and 47 percent in Europe and the Middle East.

One of the key reasons for breached organisations falling victim to additional attacks is that hacking groups are keen to finish the work they've started, even if they've been discovered in the network.

Now read: Cybersecurity strategy research: Common tactics, issues with implementation, and effectiveness

"Attackers rarely randomly target organisations; once the reconnaissance has been conducted on a target the attacker will want to complete their attack. For nation-state actors, they will be tasked with gaining access or regaining access if it has been lost," Stuart McKenzie, VP of Mandiant at FireEye, told ZDNet.

But the second attack isn't necessarily going to be anything to do with the original hackers -- it could be a separate attack by a different hacking group eager to take advantage of what they perceive to be a weak target.

According to analysis in the report, organisations in the high-tech, communications and education sectors are viewed as the most valuable for attackers to attempt to breach, and could therefore have multiple groups within the network at any one time. That's especially the case if the organisation is known to have previously suffered a breach.

A robust cybersecurity strategy is the best way to avoid falling victim to attacks in the first place, but organisations can't just rest on their laurels and believe that all will be fine if they tweak their defences or install some new software.

As a result, cybersecurity staff need to constantly be on guard. "Defenders will need to constantly improve and detect attackers," said McKenzie.

See also: What is malware? Everything you need to know about viruses, trojans and malicious software

"Unfortunately, if you've been breached, our statistics show that you are much more likely to be attacked and suffer another breach. If you have not taken steps to enhance your security posture, you are taking a significant risk," said the report.

Recent and related coverage

Research: Employee compliance is the main challenge to implementing cybersecurity strategy
A recent Tech Pro Research poll showed that many companies are creating cybersecurity strategies, but enforcing them is the real challenge.

10 ways to develop cybersecurity policies and best practices
Today's security challenges require an effective set of policies and practices, from audits to backups to system updates to user training. Here are 10 ways to make sure you're covering all the bases.

Electronic communication: What needs to be in a good policy
Organizations need to set up clear guidelines on how employees can use company platforms and how data needs to be managed.


Editorial standards