A cybersecurity company has taken a look at last year's threat landscape. The results provide critical insights into the diverse challenges and support IT security teams in the fight against cyberattacks in 2024.
The new report, "The Anatomy of Cybersecurity: A Dissection of 2023's Attack Landscape," shows that utilities (up over 200 percent) and manufacturing (up 165 percent) were the most vulnerable industries. Attack attempts peaked in July, with communications, imaging and production equipment increasingly affected during this period.
Cyberattacks and vulnerabilities have increased
“Armis has seen not only an increase in the number of attack attempts, but also an increase in blind spots and critical vulnerabilities within the organizations themselves. This makes the vulnerabilities a prime target for malicious actors,” said Nadir Izrael, CTO and co-founder of Armis. “Security teams should use similar information when prioritizing their actions. You are then able to close the security gaps and minimize your cyber risks. We hope businesses and governments will use these insights to quickly identify which areas they should focus on this year. This will improve their cybersecurity measures to ensure the safety and security of critical infrastructure and the economy and society as a whole.”
Key findings from the research report include:
Geopolitical tensions are exacerbating the cyber threat landscape
- Cyberwarfare has expanded in 2023. The industries most affected by cyberattacks by Chinese and Russian threat actors were manufacturing, education and public administration
- In the manufacturing sector, .cn and .ru domains contributed to an average of 30 percent of monthly attack attempts, while attacks from these domains on educational services rose to about 10 percent of total attacks.
Legacy technologies increase the challenges
- Older Windows Server operating system versions (2012 and earlier) are more likely to be affected by attack attempts compared to newer Windows Server versions (77 percent).
- A quarter of software stocks on servers are affected by end-of-support scenarios. In the education sector, the proportion of servers with unpatched security vulnerabilities (41 percent) is significantly higher than the general average (10 percent).
- Industries that most commonly use End of Life (EoL) or EoS (End of Support) operating systems are: Education (18 percent), Retail (14 percent), Healthcare (12 percent), Manufacturing (11 percent ) and public administration (10 percent).
Companies struggle to effectively prioritize and remediate vulnerabilities
- In 2023, over 65.000 individual CVEs were discovered.
- Portable devices have the highest percentage (93 percent) of unpatched CVEs.
- A third of all devices are still not patched for Log4Shell.
- Patch rates for critical CVEs are not prioritized:
o Low CVEs: 11 percent patch rate
o Mean CVEs: 58 percent patch rate
o High CVEs: 64 percent patch rate
o Critical CVEs: 55 percent patch rate - Regardless of the exploit status of a CVE, organizations consistently experience patch rates of 62 percent for unexploited vulnerabilities and 61 percent for exploited vulnerabilities.
Defend cyberattacks using AI-driven technologies
“Blueprints like this report are extremely valuable because they help teams focus their limited resources on the actions that have the greatest impact. These data-driven insights allow them to justify priorities across teams,” explains Curtis Simpson, CISO at Armis. “Using reviews and analyzed data allows CISOs to focus their efforts in 2024 on segmenting legacy technologies, prioritizing key vulnerabilities, and leveraging AI-driven technologies. These can help security teams defend and manage the attack surface in real time.”
The proprietary data used for this report comes from Armis' Asset Intelligence Engine. The Asset Intelligence Engine is a collective AI-powered knowledge base that monitors billions of assets worldwide to identify cyber risk patterns and behaviors. It powers the Armis Centrix™ platform with unique, actionable cyber intelligence data to detect and combat threats in real-time across the entire attack surface.
Go directly to the report on Armis.com
About Armis
Armis, the cybersecurity asset intelligence company, protects the entire attack surface and manages the organization's cyber risk in real-time. In a rapidly evolving, borderless world, Armis ensures companies can continuously see, protect and manage all critical assets.