This article was written by Brandon Agostinelli, Managing Security Consultant at FoxPointe Solutions, a division of The Bonadio Group.
With 2024 upon us, it is time for us to assess the current trends across the cybersecurity landscape, identify new risks and new solutions, and speculate about what next year may bring. With each month that goes by, there are new headlines, laws and regulations, and general cybersecurity issues that organizations across all industries must make note of and prepare for. Looking at cybersecurity trends from both a macro level and a year-to-year level helps provide some much-needed perspective. The world of cybersecurity is an ever-changing landscape, and it is important to sit back, assess the current environment, and prepare for what current trends may mean for the future. All industries that deal with sensitive and legally protected data (including but not limited to education, healthcare, finance, energy, retail, and manufacturing) have faced many emerging threats and growing areas of risk over the course of prior months and years; here are just a few areas that will require focused attention going into 2024.
User Error and Social Engineering
According to the 2023 Verizon Data Breach Investigations Report (DBIR), 74% of all breaches involved the element of “human error”, which includes social engineering, information system privilege misuse or abuse, and technical errors. As you can imagine, the element of human error can take on many forms, but one particular form of attack has spiked over the last year. Pretexting is a social engineering method in which the cybercriminal creates a deceptive scenario in order to set up, and increase the success rate of, an eventual phishing attempt to gain access to protected information and/or systems. A typical example is using a form of impersonation (virtually or in person) to build a relationship as a façade, setting up a scenario down the road that will result in a more easily executed phishing or social engineering attempt. Incidents involving methods of pretexting have increased nearly two-fold year over year, and now account for over 50% of all social engineering incidents. Regular training for all organization users on how to spot and report these types of attacks, and social engineering in general, has never been more important, and that will continue to be the case in 2024.
Ransomware continues to be one of the most prevalent “threats” or “actions” against organizations across all industries that result in breaches and incidents. The 2023 DBIR notes that among all breaches, ransomware was present in 24% of them. This number appears to have plateaued, with the same result being identified in 2022. What does this mean? Following a sharp year-over-year increase in the prevalence of ransomware since 2019, the plateau could mean that while the percentage of breaches involving ransomware is not necessarily increasing, ransomware may be here to stay (at least for now). Ransomware is still the method of choice for organized crime actors or groups, accounting for 62% of all incidents that involved organized crime, according to the 2023 DBIR. And for over 90% of the industries researched as part of the yearly DBIR, ransomware was among the top three types of incidents.
Technical Vulnerabilities and Misconfiguration
Because error-related breaches comprise such a large portion of breaches, let’s dig into them a little more from a different angle than social engineering. Information system misconfiguration resulting in exploitable vulnerabilities caused 21% of the error-related breaches, according to the 2023 DBIR. Additionally, the errors that caused these breaches originated mostly with organization developers and system administrators. This is not to say that these types of users are more ‘at fault’; it is simply an observation that, given the sensitivity of these roles, their responsibilities for maintaining systems, and their access to information, it makes sense that the root of any breach might be with the most sensitive aspects of an organization’s environment. Going into 2024, regular technical testing (such as vulnerability scanning and penetration testing) against managed networks, applications, and services to help identify and mitigate vulnerabilities and system misconfiguration will continue to be at the top of our recommendation list.
Lost and Stolen Devices
Phones and laptops are a massive part of our way of life at this point, and they quite literally never leave our side at home or at our place of work. With that said, about 20% of breaches involved lost or stolen devices used by individuals to perform their jobs. Educating users on awareness and best practices for physically securing their devices will continue to be vital, especially considering that the portability of our jobs is only going to continue to increase over time. Additionally, encrypting portable devices, such as laptops and mobile phones, is the best way to ensure that incidents in which devices are lost or stolen do not become breaches, meaning that confirmed exfiltration of data from devices does not occur. Less than 10% of all lost or stolen asset incidents resulted in a data breach this past year (according to the 2023 DBIR), signifying that organizations are more commonly relying on the enforcement of encryption to mitigate risk.
For more information, you can download the full 2023 DBIR here: 2023 Data Breach Investigations Report | Verizon