Organizations are releasing their 2024 cybersecurity reports, shedding light on key trends and statistics within the cybersecurity threat landscape. I find these industry statistics fascinating, as they offer different perspectives on what's happening—much like the old adage about exploring the elephant blindfolded.
Source: https://www.linkedin.com/pulse/security-can-take-workforce-risk-mainstream-seeing-whole-a-j-cook/
Reviewing various reports from experts in the field provides us with a more complete picture of the current state of cybersecurity. I’ve summarized some of the findings I thought were the most significant and organized them by topic area. Links to the source reports are provided at the end for further reference.
Ransomware and Extortion
Ransomware continues to devastate organizations globally by encrypting critical data and demanding substantial ransoms for decryption keys. These attacks have grown more sophisticated, focusing on high-value assets and employing advanced encryption techniques to avoid detection.
- Verizon DBIR: Ransomware and extortion techniques accounted for a third (32%) of all breaches. Pure extortion attacks rose to 9% of breaches, with ransomware being a top threat across 92% of industries. The median loss from these breaches is $46,000, with a range of $3 to $1,141,467 for 95% of cases.
- Check Point: Major ransomware attacks continue to exploit zero-day vulnerabilities, with economic motivations driving these attacks. Ransomware affected 66% of organizations, highlighting its pervasive nature.
Identity-Based Attacks and Credential Abuse
Identity-based attacks and credential abuse have surged to alarming levels, underscoring the critical need for robust identity and access management (IAM) solutions and stringent API authentication measures. The growing sophistication and frequency of these attacks highlight the vulnerabilities within current security frameworks and the urgent need for enhanced protection strategies.
- Verizon DBIR: Credential theft was a factor in 45% of breaches. Attackers frequently use stolen credentials to bypass security measures, emphasizing the need for multi-factor authentication (MFA). Breaches involving stolen credentials have an average dwell time of 150 days before detection.
- CrowdStrike: There was a surge in identity-based attacks, often facilitated by generative AI. Techniques like phishing, social engineering, and using stolen API keys were prevalent. The speed and stealth of these attacks were highlighted by a record eCrime breakout time of 2 minutes and 7 seconds.
- Deloitte: Abuse of valid credentials accounted for 44.7% of data breaches, indicating the critical need for effective identity access management.
- CyberArk: The report emphasized the growing risks associated with third- and fourth-party vendors, especially concerning identity security in digital ecosystems. There is an increasing focus on securing machine identities as they become more prevalent in automated processes and AI applications.
- Dark Reading/OpenText: Over half of the survey respondents stated they were aware of their organization being targeted by a credential-based attack within the last six months, and more than one-third have fallen victim to a successful credential-based attack in the past year.
Supply Chain Attacks
Supply chain attacks have increased dramatically, highlighting the critical need for rigorous vendor management practices and comprehensive security assessments of third-party software providers. The risks associated with open-source software, whether from malicious actors or unintended use of vulnerable code, have become more pronounced. Enhanced dependency management and vigilant monitoring of supply chain components are essential to mitigate these threats.
- Sonatype: The number of software supply chain attacks has doubled compared to previous years, with 245,032 malicious packages identified in 2023. Additionally, 96% of vulnerabilities in open source downloads are avoidable with better dependency management.
- Verizon DBIR: Supply chain attacks rose significantly in 2023, with 15% of breaches involving third-party software vulnerabilities or direct attacks on third-party providers—a 68% increase from the previous year.
- Check Point: An increase in malicious software packages within open-source repositories poses significant risks to the software supply chain.
Human Element and Insider Threats
The human element continues to be a significant factor in data breaches, with non-malicious errors and phishing scams playing major roles. Phishing remains a prevalent threat, using deceptive tactics to trick users into revealing sensitive information such as passwords, financial details, or personal data. These attacks often appear as legitimate emails, messages, or websites, exploiting human vulnerabilities rather than technical flaws. Insider threats, both negligent and malicious, also contribute significantly to breaches, while Business Email Compromise (BEC) incidents have seen a notable increase, resulting in substantial financial losses for businesses.
- Verizon DBIR: More than two-thirds (68%) of breaches involve a non-malicious human element, such as errors or falling for phishing scams. Insider threats accounted for 22% of breaches. The report notes that 60% of insider incidents were caused by negligence, while 40% were due to malicious intent. Business Email Compromise (BEC) incidents have increased by 20%, with reported financial losses surpassing $2.4 billion. The average loss per incident is now around $50,000, highlighting the financial impact on businesses.
- Securonix: Their report reveals that 76% of organizations have detected increased insider threat activity over the past five years, yet less than 30% feel fully equipped to handle them. Only 21% have fully implemented insider threat programs. Detecting and containing insider threats takes an average of 86 days, with only 13% of incidents contained within 31 days. Concerns about insider risks in hybrid work environments are prevalent, with 70% of organizations expressing such concerns. Additionally, 75% are worried about the impact of emerging technologies, such as AI and quantum computing, on insider threats.
- PrivacySavvy: Insider threat incidents have increased by 47% over the last two years, affecting over 34% of businesses globally each year.
- Ekran Systems: It takes an average of 86 days to detect and contain an insider threat incident, with only 13% of incidents being contained within 31 days.
Data Privacy
Data privacy concerns are intensifying as digital ecosystems become increasingly complex and the risks associated with third- and fourth-party vendors grow. The proliferation of malicious software packages in open-source repositories further exacerbates these issues, highlighting the need for stringent data protection measures and compliance with privacy regulations.
- CyberArk: With the rising complexity of digital ecosystems, third- and fourth-party risks are becoming more significant, particularly concerning data privacy. Ensuring robust data protection measures and compliance with privacy regulations is critical to mitigating these risks.
- Check Point: Malicious software packages in open-source repositories pose significant risks to data privacy, as compromised software can lead to unauthorized data access and exfiltration.
Cloud Security
The increasing frequency of cloud intrusions underscores the need for enhanced cloud security measures, including MFA, IAM, and robust data protection. The following statistics, and incidents like the one that affected Snowflake, highlight the importance of addressing security gaps to protect against sophisticated adversaries.
- Verizon DBIR: Attacks on cloud infrastructure have surged by 25%, with misconfigurations accounting for 80% of cloud breaches. The report highlights the need for better cloud security practices and configuration management.
- CrowdStrike: Cloud intrusions saw a 75% increase, indicating a growing focus of adversaries on exploiting cloud environments. Adversaries are using valid credentials to access victims’ cloud environments and legitimate tools to execute their attacks.
Application Security
Application security remains a critical focus for organizations, with many establishing formal programs and emphasizing the protection of business-critical applications. Despite these efforts, challenges persist, such as the misuse of stolen API keys and vulnerabilities in application components.
- Dark Reading:
  - 44% of organizations have been practicing formal, programmatic application security for one to five years.
  - 23% of respondents say their biggest application security risk is attackers with deep knowledge of application vulnerabilities.
  - 72% of organizations focus primarily on securing business-critical applications.
  - 55% of organizations keep up to date on patching their most important applications.
  - 74% consider their dependency scanning/software composition analysis (SCA) practices very or somewhat effective.
- CrowdStrike: The misuse of stolen API keys has become a prevalent method for gaining initial access, emphasizing the need for stringent API security measures. Adversaries are leveraging API vulnerabilities to infiltrate systems and exfiltrate sensitive data.
- Punyani: SQL injection and Cross-Site Scripting (XSS) attacks remain significant threats in 2024, particularly for industries relying on legacy systems and inadequately coded applications. XSS attacks have become more sophisticated, targeting dynamic web applications and client-side scripting frameworks.
Artificial Intelligence (AI) in Cybersecurity
The integration of AI and machine learning in cybersecurity offers substantial benefits for threat detection and response, revolutionizing defenses against evolving threats. However, this integration also introduces new challenges, such as managing open-source security risks and potential abuse by adversaries. The following insights illustrate the dual role of AI in enhancing cybersecurity while also presenting unique risks that must be effectively managed.
- CrowdStrike: The abuse of generative AI by adversaries raises concerns about convincing social engineering campaigns and the creation of malicious software, tools, and resources to conduct stronger attacks. AI has also been pivotal in enhancing defense mechanisms, allowing for more sophisticated threat detection and response.
- Check Point: AI is revolutionizing cybersecurity by providing cutting-edge defenses against evolving threats. AI-driven tools are increasingly used to detect zero-day vulnerabilities and respond to cyberattacks more effectively.
- Sonatype: AI and machine learning components in software development have surged by 135%, significantly enhancing developer efficiency and security. However, the integration of AI/ML also brings challenges, including managing open-source security risks and licensing issues.
Hacktivism and State-Sponsored Attacks
State-sponsored hacktivism and the use of disruptive wiper malware for political objectives are increasingly prevalent, highlighting the growing involvement of nation-states in cyber warfare. This surge necessitates robust defenses against APTs to protect valuable intellectual property and sensitive data in targeted industries such as technology, manufacturing, and healthcare.
- Check Point: There is a notable rise in state-affiliated hacktivism using disruptive wiper malware for political objectives. These attacks emphasize the increasing involvement of nation-states in cyber warfare.
- Verizon DBIR: Cyber espionage incidents have increased by 18%, with a significant portion attributed to nation-state actors. Industries such as technology, manufacturing, and healthcare are primary targets due to valuable intellectual property and sensitive data.
Conclusion
Now that you've reviewed these findings, I hope you have a more complete perspective of the "elephant"—in this case, the cybersecurity threat landscape. These report findings highlight the urgent necessity for organizations to comprehensively strengthen their cybersecurity defenses. Adopting a multi-layered, cyber resilience strategy, which encompasses robust defenses, proactive threat intelligence, and detailed incident response plans, is crucial for mitigating the risks posed by emerging threats and securing our digital future.
These insights can be invaluable in guiding efforts to build more resilient and secure digital environments. For more detailed insights, refer to the original reports:
- Verizon: 2024 Data Breach Investigations Report
- CrowdStrike: 2024 Global Threat Report
- CyberArk: 2024 Identity Security Threat Landscape Report
- Check Point Software: 2024 Cyber Security Report
- Deloitte: Cyber Threats Trends Report
- Sonatype: State of the Software Supply Chain
- Dark Reading Reports: How Enterprises Secure their Applications
- Exploring the Top Cyber Attacks of 2024: Trends, Threats, and Strategies
- PrivacySavvy: Insider Threats in 2024: 30 Eye-Opening Statistics
- Ekran Systems: Insider Threat Statistics for 2024: Reports, Facts, Actors, and Costs
- Securonix: 2024 Insider Threat Report
- Dark Reading Research/OpenText: The State of Passwordless Authentication: Security and Convenience Drive the Change
See how OpenText Cybersecurity can help you face these increasing threats by visiting our website.