The Global Corporate Digital Security Landscape

Uploaded on 2024-05-16 in NEWS-Cybersecurity News, FREE TO VIEW

The 2023 Digital Universe Report produced by Obrela examines the security landscape for the entire corporate ecosystem, covering industry specific attacks as well as threat specific attacks. 

The report delivers sectoral, regional analysis and detailed descriptions of the most common forms of attack, followed by a list of the most common APT groups and their methods.  

Suspicious internal activity (35%), malware (18%) and security risks/policy violation cases were the most prevalent forms of attack in 2023, while banking, finance, the services sector and education faced the majority of attacks.

The most noticeable trends in 2023 are “Suspicious Internal Activity”, “Malware,” and security risks/ violation policies” while geopolitical tensions are manifesting in cyberspace, with Obrela reporting an uptick in state-sponsored cyber activities.

State-sponsored Advanced Persistent Threat (APT) groups are conducting espionage, data theft and disruptive attacks more frequently, often targeting government entities, critical infrastructure and sectors deemed strategic to national interests.  

Supply chain vulnerabilities are also more of a focal point for attackers seeking to compromise multiple targets through a single-entry point. Usually this is when attackers can gain access to the networks of numerous organisations at once. The ripple effect from these attacks emphasises the interconnectedness of cybersecurity risks across industries.
 
Obrela notes that cyber criminals are increasingly targeting less-protected third-party partners with privileged access to their primary target. Attackers persistently seek to infiltrate organisations by abusing the trust inherent in vendor-client connections.
 
As more and more organisations migrate to cloud services, the latest Obrela report notes attackers are shifting their focus. Misconfigurations, weak credentials, and insufficient access controls in cloud environments are being exploited to gain unauthorised access and exfiltrate sensitive data.

Ensuring visibility and security in complex, multi-cloud environments remain a challenge for many organisations.  

Another rising trend is the use of Artificial Intelligence (AI) and Machine Learning (ML) technologies in cyber-attacks. AI-driven phishing attacks, deepfakes, and automated vulnerability discovery are examples of where this technology is bolstering cyberattacks.   

The expanding footprint of the Internet of Things (IoT) and operational technology (OT) devices in industrial and consumer contexts also presents new attack surfaces.

These devices require robust security features, to avoid vulnerability by attacks that can lead to data breaches, espionage and even physical damage, which in some industries like energy and manufacturing this is crucial.  

Despite advances in security technology, human factors remain a critical vulnerability.  

Phishing and social engineering attacks, for example, continue to evolve, exploiting psychological manipulation and sophisticated impersonation techniques to trick individuals into divulging sensitive information or accidentally installing malware.  

Despite the ever-evolving advancements in cyber security defences, basic attack methods such as phishing, malware and brute force attacks continue to be highly effective. These methods exploit human errors and vulnerabilities in systems that persist over time, making them reliable tools for attackers.  

Advanced cyber-attacks often require significant resources, including time, expertise, and money. Attackers conducting simpler attacks can achieve similar goals with a much lower investment, making these techniques more appealing, especially for targeting small to medium-sized organisations with less sophisticated defences.

The VP MSS at Obrela Dr. George Papamargaritis commented: “To combat these evolving threats, we are seeing organisations increasingly adopting a multi-layered approach to cyber security, including advanced threat detection and response tools, cyber security awareness training, robust data backup and recovery plans, and a zero-trust architecture. Collaboration and information sharing between industries and governmental bodies are also crucial for staying ahead of emerging threats.”

Dr. Papamagaritis also revealed that in its threat detection and response work throughout 2023, Obrela collected some 14.5 PBs of logs, through monitoring over 500K devices/ endpoints.  Of 1.6M triaged alerts, 31.5Kcyberattack incidents were detected and foiled.

George added: “These figures underline what we are up against. As we move further into 2024, staying informed of the latest threats and continuously adapting cybersecurity strategies is evermore essential for protecting against this increasingly dynamic and sophisticated attack landscape.”

Obrela’s proprietary data reveals that the banking and finance sectors faced the most 'reconnaissance' attacks (a 37% increase compared to the same time last year) followed by education (13%). The financial sector also suffered one of the highest levels of malware attacks (a 26% year-on-year increase), while email attacks - such as fraud and phishing - affecting banking and finance most, are increasing by 43% compared to last year.

To download the full Obrela Digital Universe Report, click here: Digital Universe Report 2023 - Obrela

Image: Unpslash

You Might Also Read: 

Combatting Foreign Interference:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The US Has A New Global Cyber Security Strategy
The Ransomware Threat Landscape Is Diversifying »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MD5

MD5

MD5 is a leading UK provider of Digital Forensic & eDiscovery services to large multi-national corporate businesses, Law Enforcement & Government Agencies, high profile legal firms.

Ericsson

Ericsson

Ericsson is a leading provider of telecommunications services and network infrastructure solutions including all aspects of network security.

Arcanum Information Security (AIS)

Arcanum Information Security (AIS)

Arcanum Information Security is a specialist Information Assurance Consultancy and a leading provider of Cyber Security services to UK Defence, UK Government, Enterprise businesses and SMEs.

Ledger

Ledger

Ledger is a leader in security and infrastructure solutions for cryptocurrencies and blockchain applications using its proprietary technology.

Secon Cyber Security

Secon Cyber Security

Secon Cyber Security is an Advanced Managed Security Services Provider with long standing experience of providing cyber security solutions to customers ranging from small to large enterprises.

Veritas Technologies

Veritas Technologies

Veritas provide industry-leading solutions that cover all platforms with backup and recovery, business continuity, software-defined storage and information governance.

Netenrich

Netenrich

The Netenrich operations intelligence platform is built from the ground up to help enterprises resolve everyday and futuristic problems for stable, secure environments and infrastructures.

McCrary Institute - Auburn University

McCrary Institute - Auburn University

The McCrary Institute seeks practical solutions to real-world problems in the areas of cyber and critical infrastructure security.

CyNam

CyNam

CyNam is a platform for enabling the growth and development of people and organisations within Cheltenham’s flourishing cyber technology ecosystem.

Resolvo Systems

Resolvo Systems

Resolvo is provides comprehensive security assessment and testing services in Asia.

Symptai Consulting

Symptai Consulting

Symptai Consulting is a leading Cyber Security, Digital Transformation and Anti-Money Laundering firm serving the Caribbean and the wider world.

Prancer

Prancer

Prancer is the industry's first cloud-native, self-service SAAS platform for automated security validation and penetration testing in the cloud.

InfoSec4TC

InfoSec4TC

InfoSec4tc is an online Information Security Courses, Training, and Consultancy provider.

Arsen Cybersecurity

Arsen Cybersecurity

Arsen is a French cybersecurity startup, dedicated to enhancing human behaviors in cybersecurity.

NinjaOne

NinjaOne

The NinjaOne Platform was built to help IT and MSP teams efficiently manage, patch, and support all endpoints.

REAL Security

REAL Security

REAL Security is a market leader across the Adriatic region in value-added distribution in the field of IT Security & virtualisation.