There is so much news about cybercrime that you might get the idea that it is happening to everyone everywhere – to all organizations of all sizes and across all industries. Certainly, there is some truth to the statement that all are at risk. But it remains a generality.
Orange Cyberdefense’s Security Navigator 2023 report makes it clear that specific industries, company sizes, and architectures are far more likely to be targeted and breached than others. So, should you be worried? Let’s take a closer look at the areas that pose the most risk, and the targets cybercriminals are most likely to go after.
Most Likely to Be Victimized
The report delivered insights from around 100,000 incidents worldwide. Here are the major findings:
- Asia and Europe are surging as hot cyber-extortion destinations, but North America remains a key target. From 2021 to 2022, an increase was observed in the number of victims from Europe (+18%), the UK (+21%), East Asia (+44%), and especially the Nordic countries (+138%). North America, too, remains heavily attacked, but a little less so than before: in 2022 the USA was down by 8% and Canada by as much as 32%.
- Small businesses are under the gun. The study found that 4.5x more small businesses fell victim to cyber extortion than medium and large businesses combined, a clear shift in tactics by cybercriminals who have noted the lax defenses that often exist in the SMB sector. That said, large businesses can’t rest easy: by sheer volume they suffered by far the most attacks, and they were also the most heavily impacted when they were breached.
- The manufacturing sector is in danger. The report found that manufacturers were the most likely to fall victim to cyber extortion. It attributed this to poor IT vulnerability management among large manufacturers and to their frequent reliance on legacy infrastructure. As a result, they run a lot of non-IT operational technology (OT) systems that are rarely as well secured as IT infrastructure.
- Malware was the most prominent attack vector, appearing in 40% of all incidents processed. Network and application anomalies were the second highest incident type but dropped in frequency from 22% down to 19%.
- 47% of all security incidents detected originated from internal actors. Whether deliberate or accidental, insider threats are growing. Beyond sheer malice, this can be due to misconfiguration, unpatched systems, or other errors made within companies.
- Criminal groups are evolving fast. Of the top 20 actors observed in 2021, 14 are no longer in the top 20 of 2022. After Conti disbanded in Q2 2022, Lockbit2 and Lockbit3 became the biggest cyber-extortion actors of 2022, with over 900 victims combined.
How to Avoid Becoming a Victim
The report laid out a series of key steps that organizations can take to ensure they do not land on the naughty list (also known as the cybersecurity victims list):
- Implement multifactor authentication (MFA) on authentication interfaces.
- Frequently back up business-critical assets and complement this with offline backups.
- Test the integrity of these backups regularly by restoring critical functions.
- Implement or upgrade endpoint protection and anti-malware systems.
- Install defenses against Distributed Denial of Service (DDoS) attacks.
- Configure firewalls and other perimeter equipment to allow only the minimum of outbound traffic to the internet.
- Monitor outbound traffic closely for anomalies.
- Identify trust boundaries and implement tight controls for services and users that want to cross into those zones. Least privilege and Zero Trust concepts apply here, as does network segmentation.
- Identify and patch any internet-facing technologies, especially remote access like VNC and Microsoft RDP, secure remote access like VPNs, and other security technologies such as firewalls.
- Practice continuous vulnerability management.
- Prioritize patches based on whether vulnerabilities have known working exploits. This applies to infrastructure as well as end-user software and devices. Internet-facing services with known vulnerabilities must be patched.
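As an added example (not from the Security Navigator report and not Syxsense’s product code), here is a small Python script that applies the prioritization rule from the last two points above to a constructed vulnerability inventory: findings whose vulnerability has a known working exploit are ranked first, internet-facing hosts and remote-access services are pushed ahead within each tier, and the remainder is ordered by CVSS. The hosts, the CVE identifiers and the known-exploited set are all placeholders, not real data.

```python
"""Exploit-aware patch prioritisation (added example; placeholder data only)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    cvss: float            # CVSS base score, 0.0 - 10.0
    internet_facing: bool  # service is reachable from the internet
    service: str           # e.g. "vpn", "rdp", "smb"


# Constructed stand-in for a known-exploited-vulnerabilities feed.
# The identifiers are placeholders, not real CVE numbers.
KNOWN_EXPLOITED = frozenset({"CVE-EXAMPLE-0001", "CVE-EXAMPLE-0003"})

# Products the checklist singles out as high-value internet-facing targets.
REMOTE_ACCESS = frozenset({"vpn", "rdp", "vnc", "firewall"})


def tier(finding, known_exploited):
    """Return 1 (patch now), 2 (patch next) or 3 (normal patch cycle).

    Tier 1: a working exploit is known and the host is internet-facing.
    Tier 2: a working exploit is known but the host is internal, or the
            host is internet-facing with a high-severity flaw (CVSS >= 7.0).
    Tier 3: everything else.
    """
    exploited = finding.cve in known_exploited
    if exploited and finding.internet_facing:
        return 1
    if exploited or (finding.internet_facing and finding.cvss >= 7.0):
        return 2
    return 3


def prioritize(findings, known_exploited=KNOWN_EXPLOITED):
    """Return (tier, finding) pairs, most urgent first.

    Within a tier, remote-access products are listed before other services,
    then higher CVSS first, then hostname for a stable order.
    """
    def key(f):
        return (tier(f, known_exploited),
                0 if f.service in REMOTE_ACCESS else 1,
                -f.cvss,
                f.host)
    return [(tier(f, known_exploited), f) for f in sorted(findings, key=key)]


def mandatory_patches(findings):
    """Hosts with a known vulnerability on an internet-facing service.

    The checklist treats these as must-patch regardless of exploit status,
    so they are reported separately from the ranked list.
    """
    return sorted(f.host for f in findings if f.internet_facing)


# Constructed inventory: hostnames, scores and exposure are made up.
SAMPLE_FINDINGS = [
    Finding("web01",      "CVE-EXAMPLE-0001", 9.8, True,  "vpn"),
    Finding("fileserver", "CVE-EXAMPLE-0001", 9.8, False, "smb"),
    Finding("web02",      "CVE-EXAMPLE-0002", 7.5, True,  "http"),
    Finding("hr-laptop",  "CVE-EXAMPLE-0004", 5.3, False, "browser"),
    Finding("jump01",     "CVE-EXAMPLE-0003", 8.8, True,  "rdp"),
    Finding("fw01",       "CVE-EXAMPLE-0005", 6.5, True,  "firewall"),
]

if __name__ == "__main__":
    for t, f in prioritize(SAMPLE_FINDINGS):
        exposure = "internet" if f.internet_facing else "internal"
        print(f"tier {t}  {f.host:<10} {f.cve:<18} cvss={f.cvss:<4} "
              f"{exposure:<8} {f.service}")
    print("must patch (internet-facing):", ", ".join(mandatory_patches(SAMPLE_FINDINGS)))
```

In a real deployment the `KNOWN_EXPLOITED` set would be loaded from an exploited-vulnerabilities feed and the findings from the scanner’s export; the ranking logic itself stays the same.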
Syxsense Enterprise takes care of the last three points while providing a Zero Trust framework. It offers automated patch testing, deployment, and prioritization, as well as continuous vulnerability scanning, mobile device management (MDM), IT management, and automated remediation.
For more information, visit: www.Syxsense.com