As we approach the end of the year, we’ve begun to analyse some of the more prominent cybersecurity and threat reports that came out in 2024, and zero in on common patterns.
An important report published this month that we’ve included is Microsoft’s Annual Digital Defense Report 2024. We also collate key findings from two of the most trusted data breach studies published each year – Verizon’s Data Breach Investigations Report (DBIR) and IBM’s Cost of a Data Breach Report. For ransomware trends, we look at the Sophos State of Ransomware Report 2024, and for the threat landscape in Europe, the ENISA Threat Landscape 2024.
Data Breach Costs Continue to Rise
- The global average cost of a data breach increased by 10% from 2023 to 2024, reaching USD 4.88 million, driven by increased business disruption and post-breach expenses.
- The United States, as before, had the highest average data breach cost at USD 9.36 million.
- Organizations are passing on these costs to customers, potentially impacting their competitiveness in inflationary markets.
Vulnerability Exploitation
- 19,754 vulnerabilities were identified from July 2023 to June 2024, with 9.3% categorized as critical and 21.8% as high.
- The use of vulnerabilities as a critical path to initiate a breach has seen a substantial increase, almost tripling from last year. This trend is largely attributed to the widespread impact of zero-day vulnerabilities like MOVEit.
- Exploited vulnerabilities remained the most common root cause of ransomware attacks.
- Ransomware attacks originating from unpatched vulnerabilities had more severe consequences, including higher ransom demands and longer recovery times.
DDoS Attacks
- Application-layer DDoS attacks became more common, posing greater risks to business availability. These attacks are stealthier, more sophisticated, and harder to mitigate than network-level attacks.
- DDoS-as-a-Service or DDoS-for-Hire: Unskilled users could launch large-scale DDoS attacks using readily available services, making it easier for individuals and groups to engage in this type of cybercrime.
- In Europe, DDoS attacks and ransomware were the most common threats, accounting for over half of observed incidents. The high prevalence of DDoS attacks was partly due to ongoing geopolitical tensions.
Supply Chain Threats
- Breaches involving third parties, including partner infrastructure and software supply chain issues, increased significantly, reaching 15% this year. This was primarily driven by the exploitation of zero-day vulnerabilities for ransomware and extortion attacks.
- In many cases, social engineering attacks were used to target supply chains, exploiting vulnerabilities in open-source projects and software development processes.
Cybersecurity Skills Shortage Persists
- Around 53 percent of breached organizations faced severe security staffing shortages, contributing to increased breach costs.
- The average cost of a breach for organizations with security staffing shortages was $5.74 million, $860,000 higher than the global average.
Phishing and Social Engineering
- The human element, of which phishing is a critical part, was present in 68 percent of data breaches, according to the Verizon DBIR.
- In ransomware incidents, specifically, email-based approaches, including phishing and malicious emails, continued to be significant entry points for ransomware actors. Threat actors used GenAI-as-a-Service, tools such as FraudGPT and large language models to co-author scam emails and generate malicious PowerShell scripts.
- The reporting rate of phishing went up, indicating increased awareness. However, the median time to click on a malicious link remains alarmingly low (under a minute), highlighting the need for continuous security awareness training and education.
GenAI Used for Both Defense and Cybercrime
- Threat actors have used AI for mass content production for phishing, disinformation and influence campaigns, and to amplify threats by means such as automated malware generation and C&C infrastructure, which has further lowered barriers to entry for amateur operators.
- It has also been extremely effective at finding, researching and carrying out campaigns against lucrative targets, and at impersonation (deepfakes, faster research on individuals, spear-phishing email creation at scale).
- At the defense end, organizations that applied security AI and automation lowered breach costs by an average of USD 2.2 million.
- These solutions help identify and contain breaches faster, reducing the overall impact.
- There has also been emphasis on the need for better data governance for secure and compliant use of the data accessed, handled and generated by GenAI platforms and avoiding the proliferation of shadow data.
Rise in Tech Scams and Living Off The Land (LOTL)
- Tech scams surged 400% from 2021 to 2023. These scams often involve impersonating legitimate services or using fake tech support and ads to trick users into revealing sensitive information.
- Threat actors were able to leverage trusted cloud services to evade detection and disguise their malicious activities.
Effective Data Breach Handling with AI and Law Enforcement Involvement
Two interesting findings revealed in the Cost of a Data Breach Report were that breach costs were significantly lower for organizations using AI and automation in their defense processes ($2.2 million lower than average) and for organizations that involved law enforcement agencies in breach handling ($1 million lower than average). Law enforcement also helped shorten the time to identify and contain breaches.
Ransomware Trends
The overall rate of ransomware attacks decreased slightly from previous years, with 59% of organizations affected in 2024.
Ransomware and extortion together accounted for 32% of breaches. While traditional ransomware attacks have declined slightly, the overall impact of these threats has grown due to the increasing prevalence of extortion techniques.
Ransom Demands and Payments:
- Ransom demands averaged $4.3 million, with a significant portion (63%) exceeding $1 million.
- Victims rarely paid the full amount demanded, with 44% negotiating lower payments.
- Insurance providers were involved in 83% of ransom payments, but rarely covered the full amount.
Ransom Funding:
- Ransom funding often involved multiple sources, with the organization itself being the primary contributor.
- Insurance providers played a significant role, covering 23% of ransom payments on average.
Impact on Computers:
- On average, ransomware attacks affected just under half of an organization’s computers.
- The impact varied by organization size and industry, with larger organizations and certain sectors experiencing more extensive damage.
Root Causes:
- Exploited vulnerabilities remained the most common root cause of ransomware attacks.
- Email-based approaches, including phishing and malicious emails, were also significant factors.
- Attacks originating from unpatched vulnerabilities had more severe consequences, including higher ransom demands and longer recovery times.
Conclusion
The cyber risk landscape in 2024 was characterized by a complex interplay of existing and evolving threats as well as emerging technologies. Organizations must adapt their security strategies to address the challenges posed by unaddressed vulnerabilities, supply chain attacks, phishing, and the advanced toolset available to threat actors. The effective use of AI, coupled with robust data governance practices, foundational security controls and collaboration with law enforcement, can reduce risk to a great extent.
The use of AI for defense purposes, in particular, can become a key differentiator for organizations looking to stay ahead of cybercriminals. While AI can be a force multiplier for bad actors, it has also been shown to deliver great success in threat detection, reducing response time and minimizing the impact of cyber incidents.
In the coming weeks, we will delve deeper into some of the defense strategies that have been effective for security-focused organizations in 2024, and the lessons for 2025.
How CYRISMA can help
CYRISMA brings together essential cyber risk management and compliance features in a single easy-to-use and affordably priced SaaS platform. Features include vulnerability and patch management, secure configuration scanning, sensitive data discovery (on-prem and in the cloud), compliance tracking and assessment, cyber risk quantification, dark web monitoring, risk mitigation, risk assessment scorecards, reporting and more. All features and future updates are included in our standard pricing per endpoint.