According to recent research conducted by Armis, the global rate of cyber attacks saw an upward surge in 2023, with the number of attempts more than doubling over the year. Out of all industries, Utilities and Manufacturing were hit the hardest, experiencing an increase in threat attempts of over 200% and 165% respectively.
The in-depth report, titled 'The Anatomy of Cybersecurity: A Dissection of 2023's Attack Landscape', enlightens on the multi-dimensional challenges organisations worldwide encounter when it comes to securing their systems against escalating cyber threats. The findings of the report act as a blueprint for global security teams, assisting them in prioritising efforts to trim down cyber risk exposure in 2024.
Nadir Izrael, CTO and Co-Founder of Armis, said, "Not only are attack attempts increasing, but cybersecurity blind spots and critical vulnerabilities are worsening, painting prime targets for malicious actors. It's critical that security teams leverage similar intelligence defensively so that they know where to prioritise efforts and fill these gaps to mitigate risk."
On a geopolitical level, the report highlighted an increase in cyber warfare in 2023, with industries in Manufacturing, Educational Services and Public Administration being prime targets for Chinese and Russian threat sectors. Attack attempts from .cn and .ru domains accounted for an average of 30% of monthly attacks on Manufacturing, whereas these domains constituted about 10% of the total attacks on Educational Services.
Another compelling revelation was the 77% higher risk of attack attempts towards older Windows server OS versions (2012 and earlier) as compared to newer versions. This vulnerability risk is glaringly evident in the server environment where nearly one quarter of server versions are approaching the end of support scenarios. The Educational Services industry shows a considerable 41% of servers with unpatched weaponised Common Vulnerabilities and Exposures (CVEs) compared to a general average of 10%.
Despite businesses attempting to manage vulnerabilities and remediation, there were over 65,000 unique CVEs discovered in 2023. Particularly concerning is that a staggering 93% of wearable devices have unpatched CVEs, and a third of all devices are still not patched for Log4Shell. Despite being instrumental in maintaining security, patch rates for critical CVEs are not prioritised with statistics indicating 11% for low CVEs, 58% for medium CVEs, 64% for high CVEs, and a 55% patch rate for critical CVEs.
Curtis Simpson, CISO at Armis, believes that tools like the report released by Armis are invaluable. "These help teams focus limited resources on efforts with the greatest impact and with the insights to tell data-driven stories in justification of cross-team priorities." Using retrospective data and continued analysis, security teams can better plan for 2024 by focusing on outdated technology, prioritising significant exposures and harnessing AI-driven technologies for real-time defence and attack surface management.