Today, as part of NTT Group, we are proud to announce the publication of the annual Global Threat Intelligence Report (GTIR). The 2016 GTIR is the most comprehensive report to date, pulling in information from 24 security operations centres, seven R&D centres, 3.5 trillion logs, 6.2 billion attacks and nearly 8,000 security clients across six continents.

The report makes interesting reading for security professionals and IT decision makers who are responsible for mitigating the impact of a cyberattack in their organisation. This level of threat intelligence is highly valuable in that it provides organisations with actionable intelligence, guidance about what attackers are doing, and comprehensive security controls designed to disrupt attacks. Controls recommended in this report will contribute to an organisation’s survivability and resiliency in the face of an attack, which is more useful than threat information alone. I recently wrote a blog post on the differences between threat intelligence and information.

As for this year’s GTIR report, what we found particularly interesting is the following findings around incident response, vertical markets and vulnerabilities:

On average, only 23% of organisations are capable of responding effectively to a cyber incident. 77% have no capability to respond to critical incidents and often purchase support services after an incident has occurred.

Spear phishing attacks accounted for approximately 17% of incident response activities supported in 2015. In many cases, the attacks targeted executives and finance personnel with the intent of tricking them into paying fraudulent invoices.

The retail sector experienced the most attacks per client. Retail was followed by the hospitality, leisure and entertainment sector, then insurance, government and manufacturing. While the finance sector showed the highest volume of attacks overall, on a per-client basis, retail clients experienced 2.7 times the number of attacks as finance.

Nearly 21% of vulnerabilities detected in client networks were more than three years old. Results included vulnerabilities from as far back as 1999, making them more than 16 years old. This is for vulnerabilities with a Common Vulnerability Scoring System (CVSS) score of 4.0 or higher.

The full Global Threat Intelligence Report (GTIR) can downloaded at