Today we released the findings of our latest research, The Anatomy of Cybersecurity: A Dissection of 2023’s Attack Landscape. 2023 analysis of Armis’ proprietary data, mined from the Armis Asset Intelligence Engine, offers critical insight into the multifaceted challenges global organizations face when it comes to protecting the entire attack surface.
This data is intended to help security teams worldwide communicate and prioritize key efforts in support of reducing top cyber risks and exposures in 2024. It’s our hope that by sharing these insights, global businesses and governments can both pinpoint and validate what they should be focusing on to improve their cybersecurity posture.
Hindsight is 20/20
Some of the top-level findings of the report:
Cybersecurity attack attempts increased
Armis’ data found that global attack attempts more than doubled in 2023, increasing 104%. Utilities (over 200% increase) and Manufacturing (165% increase) were the most at risk industries. Additionally, attack attempts peaked in July, with communications devices, imaging devices and manufacturing devices experiencing intensified targeting during this period.
Geopolitical tensions exacerbate the cybersecurity landscape
As Armis has continued to warn, Cyberwarfare grew more widespread in 2023. Top industries exposed to attack from Chinese and Russian actors were those within Manufacturing, Educational Services and Public Administration. In manufacturing, .cn and .ru domains contributed to an average of 30% of monthly attack attempts, while attacks from these domains on Educational Services have risen to about 10% of total attacks.
Legacy technology steepens incline of cybersecurity pros’ existing up-hill battle
Armis’ analysis found that older Windows server OS versions (2012 and earlier) are 77% more likely to experience attack attempts compared to newer Windows Server versions. This vulnerability is particularly evident in the server environment, with nearly a quarter of server versions facing end-of-support (EoS) scenarios. The Educational Services industry was found to have a significantly higher percentage of servers (41%) with unpatched weaponized Common Vulnerabilities and Exposures (CVEs), compared to the general average of 10%.
According to the data, industries still using end-of-life (EoL) or EoS OSs that are no longer actively supported or patched for vulnerabilities and security issues by the manufacturer include Educational Services (18%), Retail (14%), Healthcare (12%), Manufacturing (11%) and Public Administration (10%).
Businesses struggle with effective vulnerability prioritization and remediation
There were over 65,000 unique CVEs discovered in 2023. Wearable devices have the highest percentage (93%) of unpatched CVEs and one-third of all devices are still not patched for Log4Shell. Further, patch rates for critical CVEs are not being effectively prioritized: Low CVEs (11% patch rate), Medium CVEs (58% patch rate), High CVEs (64% patch rate) and Critical CVEs (55% patch rate). Irrespective of the weaponization status of a CVE, organizations consistently grapple with patch rates at 62% for non-weaponized and 61% for weaponized vulnerabilities.
To read the full report please visit: https://www.armis.com/anatomy-of-cybersecurity
Blueprints Highlight Where CISOs Should Possibly Prioritize Efforts in 2024
Gaining the intelligence from the data shared above is one thing, but in order for these learnings to have a real impact, it’s crucial that security teams proactively leverage them to improve their defenses. These findings should be thought of as a blueprint to help teams focus limited resources on efforts with the greatest impact. Additionally, these insights should be leveraged to help tell data-driven stories in justification of cross-team priorities.
Moving ahead, in light of these findings, Armis recommends CISOs segment legacy technology, which can help to significantly improve network performance, reduce the risk of a cyberattack and protect critical assets. Additionally, organizations should work to prioritize exposures of the greatest significance to help security and IT teams focus their efforts on the most pressing vulnerabilities. And, last but certainly not least, utilize AI-driven technologies like Armis Centrix™, the cyber exposure management platform, that can assist security teams with defending and managing the attack surface in real-time.
As THE asset intelligence cybersecurity company, Armis feels it’s our duty to share these findings and offer actionable recommendations to help global organizations and governments to improve their cybersecurity posture. We’re committed to helping CISOs in the year ahead with the key goal of keeping society safe and secure in today’s complicated, ever-changing threat landscape.
To learn more about Armis Centrix™, please visit: https://www.armis.com/platform/armis-centrix/
For additional information about the Armis Asset Intelligence Engine, go to: https://www.armis.com/platform/armis-asset-intelligence-engine/