Security pros expect another challenging year ahead, but instead of the pandemic, many are concerned about instability caused by rising global tensions, economic instability, and an ever-increasing threat landscape that leads to credential and data theft and significant system downtime.
CyberRisk Alliance (CRA) based its "2023 Global State of Cybersecurity Study" on an online survey, conducted in multiple languages, of 1,300 security pros across 13 global markets. The data came from a CRA/Infoblox study conducted in July/August 2022; the survey for India was done in December 2022 and January 2023.
Here are some of the study’s high points:
- Companies are staying proactive. Since the start of the pandemic, approximately half of all organizations globally responded to the needs of their remote workforce and customers by fast-tracking digital transformations (52%), adding resources to networks and databases (45%) and increasing support for customer portals (44%). Roughly one-third of respondents said their organization hired more IT staff, moved more apps to third-party cloud providers and placed network and security controls on the edge. One in five closed physical offices, and some switched IT staff to other roles, reduced IT headcounts or decreased their reliance on third-party cloud providers.
- Threats come in all shapes and sizes. Data leakage, ransomware and cloud attacks were chief concerns for many organizations globally for the coming year. Many were also concerned about their remote worker connections, APTs, attacks through networked IoT, insider threats, supply chains or third parties and state-sponsored attacks.
- Phishing attacks are still a top concern. Globally, organizations were much more likely to have experienced a phishing attack in the past 12 months than ransomware, network, cloud, application, endpoint and third-party attacks. A large majority (81%) indicated they experienced one or more email/phishing attacks in the past 12 months, with an average of roughly 41 issues from this attack vector. Additionally, two-thirds of respondents said they experienced at least one network attack during this time period, resulting in roughly 18 network issues on average. At least half of all respondents said their organization also suffered cloud, application, device/endpoint, ransomware and third-party/supply chain attacks, resulting in an average of roughly 12 or more issues from these attack vectors.
- Wi-Fi networks are under attack. Wi-Fi access points (34%) and cloud platforms or applications (33%) were prime sources for organization breaches in the past 12 months. Other vectors included IoT devices or networks (29%), remote employee-owned (29%) and employer-owned (24%) endpoints, insiders (26%) and unpatched DDI servers (25%). Other, less common breach sources were third parties or supply chain providers (24%), non-cloud applications (20%) and remote access programs (17%).
- Stolen data and hijacked credentials are top concerns. Among the organizations that were breached, respondents said their attackers were most likely to steal data or hijack credentials, while some victims experienced system outages and data manipulation. Attackers favored data exfiltration (51%) and credential hijacking (50%), along with command-and-control communications (38%) and privilege escalation (34%). Almost a quarter (24%) also used lateral movement to infiltrate networks. Organizations that were breached suffered system outages or downtime (48%) and data manipulation (41%) more often than sensitive data exposure (38%), data lockouts (35%), other malware infections (26%) or distributed denial of service (23%).
- Breaches cost companies more than money. The cumulative value of losses in the past 12 months from these breaches averaged $2 million, but damages sometimes went far beyond that figure. In addition to direct financial losses as well as downtime, reputational harm and response expenses, there were more troubling costs of a compromise. Globally, 10% suffered a loss of life, and another 12% reported bodily or psychological injury among a breach’s impacts.
These results point to both the enormous stress on today’s cybersecurity professionals and the potentially devastating consequences when an organization fails to protect itself — and those it serves — from threat actors.
Almost half of the organizations that were breached were likely to have experienced system outages or downtime. Many respondents (41%) also reported their data was manipulated. Some also had sensitive data exposed or stolen (38%) or locked/encrypted by ransomware (35%). Others suffered malware infections and denial-of-service attacks that temporarily shut down operations.
Despite all the challenges, the vast majority of security pros agree that developing a better understanding of the trends and working closely with company boards and stakeholders can mitigate many of these trends.