Editorial & Advertiser disclosure

Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Rudimentary Attacks Pose Greatest Risk to Midsized Organizations According to New Threat Report

Published by Gbaf News

Posted on May 6, 2017

7 min read

Last updated: January 21, 2026

Add as preferred source on Google

Friedrich Merz, German opposition chancellor candidate, advocates for free trade talks with Trump - Global Banking & Finance Review — The image features Friedrich Merz, the German opposition's chancellor candidate, advocating for renewed free trade negotiations with the U.S. under Donald Trump, emphasizing the importance of restoring competitiveness for Germany's economy.

eSentire SOC Analyzes Nearly 5 Million Attacks Across Hundreds of Midmarket Organizations in 2016

Rudimentary attacks, such as intrusion attempts, information gathering, and policy violations pose the greatest risk to midsized organizations, according to a recent cyber threat report by eSentire, Inc., the largest pure-play Managed Detection and Response (MDR) provider.

Produced by eSentire’s Threat Intelligence team, the “2016 Midmarket Threat Summary Report” provides an overview of the cyber threats investigated by the eSentire Security Operations Center (SOC) in 2016. The report addresses three key areas: threat types, threat volume, and attack types. The analytical assessment includes visual data analysis, written analytical evaluations, practical recommendations, and key analytical assumptions, providing threat perspective for business leaders in small and midsize enterprises, and actionable takeaways to help leaders strategically reduce the risk of cyber attacks.

“In 2016, the eSentire SOC detected almost 5 million attacks across hundreds of primarily small to medium organizations, spanning multiple industries,” said Viktors Engelbrehts, director of threat intelligence at eSentire. “Cybercriminals are attracted to easy targets because they are low risk, high reward, and require little effort to execute. However, available evidence suggests that the majority of opportunistic cyber-attacks against mid-sized businesses can be prevented by applying basic best practice security principles.”

Key Findings

March to April and September to October were the most intense periods of threat events throughout the year, with March being the most active month, and June to July being the least active.
The most often observed threat categories were Intrusion Attempts, Information Gathering, and Policy Violations, representing 63% of all observed attacks.
Intrusions Attempts (primarily web attacks) was the top-ranking threat category, representing almost 30% of all observed events.
The top attack methods in the Intrusion Attempts category involve exploiting a Shellshock vulnerability (CVE-2014-6271), representing approximately 60% of all intrusion attempts.
OpenVAS remains the most prominent tool used for information gathering purposes, with 62% of all events attributed to this category. Attacks against the Secure Shell (SSH) protocol remain the second highest threat in this category, with 21% of all events attributed to attempts to guess or brute force passwords.
Web-based attacks and network scanning continue to increase as widely adapted automated tools allow a hands-off approach by threat actors.

Key Takeaways

Rudimentary attacks pose the greatest risk – cybercriminals are moving away from sophisticated malicious code attacks, with the majority of attackers preferring inexpensive and automated methods of intrusions, exploiting ‘low hanging fruit’ (representing almost 30% of all observed events). This trend is expected to continue so long as these techniques are successful.
Every organization is a target – with easier access than ever before to simple and automated tools, cybercriminals can quickly and easily stage attacks against every business. Attacks, such as ransomware, can reap financial gains without the painstaking effort required to identify and extract high value information from an organization’s network.
Detecting and disrupting the common methods and tools used will make attacks less effective, directly impacting cybercriminal rationale when choosing attack targets. This includes steps to minimize the attack surface and tailoring of security controls.
Organizations can use seasonal threat trends to align security efforts to their advantage. For example, security awareness training is most effective when applied between December to March, ahead of the busiest time for threat activity, which is March to April.

Methodology

The eSentire Threat Intelligence team used data gathered from 1,500+ proprietary network and host-based detection sensors distributed globally across multiple industries. Raw data was normalized and aggregated using automated machine-based processing methods. Processed data was reviewed by a visual data analyst applying quantitative analysis methods. Quantitative intelligence analysis results were further processed by a qualitative intelligence analyst resulting in a written analytical product.

“Defending against evolving threats has never been more important for midsized organizations working to guard against financial and reputation-based risk. By addressing the recommendations listed in eSentire’s 2016 Midmarket Threat Summary Report, business leaders will be equipped to disrupt threat opportunities, as opposed to remediating financial damage caused by attacks,” said Mark McArdle, eSentire CTO.

Access eSentire’s complete threat summary report here: “eSentire 2016 Midmarket Threat Summary”.

eSentire SOC Analyzes Nearly 5 Million Attacks Across Hundreds of Midmarket Organizations in 2016

Rudimentary attacks, such as intrusion attempts, information gathering, and policy violations pose the greatest risk to midsized organizations, according to a recent cyber threat report by eSentire, Inc., the largest pure-play Managed Detection and Response (MDR) provider.

Produced by eSentire’s Threat Intelligence team, the “2016 Midmarket Threat Summary Report” provides an overview of the cyber threats investigated by the eSentire Security Operations Center (SOC) in 2016. The report addresses three key areas: threat types, threat volume, and attack types. The analytical assessment includes visual data analysis, written analytical evaluations, practical recommendations, and key analytical assumptions, providing threat perspective for business leaders in small and midsize enterprises, and actionable takeaways to help leaders strategically reduce the risk of cyber attacks.

“In 2016, the eSentire SOC detected almost 5 million attacks across hundreds of primarily small to medium organizations, spanning multiple industries,” said Viktors Engelbrehts, director of threat intelligence at eSentire. “Cybercriminals are attracted to easy targets because they are low risk, high reward, and require little effort to execute. However, available evidence suggests that the majority of opportunistic cyber-attacks against mid-sized businesses can be prevented by applying basic best practice security principles.”

Key Findings

March to April and September to October were the most intense periods of threat events throughout the year, with March being the most active month, and June to July being the least active.
The most often observed threat categories were Intrusion Attempts, Information Gathering, and Policy Violations, representing 63% of all observed attacks.
Intrusions Attempts (primarily web attacks) was the top-ranking threat category, representing almost 30% of all observed events.
The top attack methods in the Intrusion Attempts category involve exploiting a Shellshock vulnerability (CVE-2014-6271), representing approximately 60% of all intrusion attempts.
OpenVAS remains the most prominent tool used for information gathering purposes, with 62% of all events attributed to this category. Attacks against the Secure Shell (SSH) protocol remain the second highest threat in this category, with 21% of all events attributed to attempts to guess or brute force passwords.
Web-based attacks and network scanning continue to increase as widely adapted automated tools allow a hands-off approach by threat actors.

Key Takeaways

Rudimentary attacks pose the greatest risk – cybercriminals are moving away from sophisticated malicious code attacks, with the majority of attackers preferring inexpensive and automated methods of intrusions, exploiting ‘low hanging fruit’ (representing almost 30% of all observed events). This trend is expected to continue so long as these techniques are successful.
Every organization is a target – with easier access than ever before to simple and automated tools, cybercriminals can quickly and easily stage attacks against every business. Attacks, such as ransomware, can reap financial gains without the painstaking effort required to identify and extract high value information from an organization’s network.
Detecting and disrupting the common methods and tools used will make attacks less effective, directly impacting cybercriminal rationale when choosing attack targets. This includes steps to minimize the attack surface and tailoring of security controls.
Organizations can use seasonal threat trends to align security efforts to their advantage. For example, security awareness training is most effective when applied between December to March, ahead of the busiest time for threat activity, which is March to April.

Methodology

The eSentire Threat Intelligence team used data gathered from 1,500+ proprietary network and host-based detection sensors distributed globally across multiple industries. Raw data was normalized and aggregated using automated machine-based processing methods. Processed data was reviewed by a visual data analyst applying quantitative analysis methods. Quantitative intelligence analysis results were further processed by a qualitative intelligence analyst resulting in a written analytical product.

“Defending against evolving threats has never been more important for midsized organizations working to guard against financial and reputation-based risk. By addressing the recommendations listed in eSentire’s 2016 Midmarket Threat Summary Report, business leaders will be equipped to disrupt threat opportunities, as opposed to remediating financial damage caused by attacks,” said Mark McArdle, eSentire CTO.

Access eSentire’s complete threat summary report here: “eSentire 2016 Midmarket Threat Summary”.