Last year proved challenging for security and IT decision-makers who dealt with an onslaught of new cyberthreats. According to Armis Labs’ The Anatomy of Cybersecurity: A Dissection of 2023’s Attack Landscape, the year brought a surge in cyberthreats that left organizations grappling with a complex array of challenges.
“This included the growing adoption of AI by bad actors rivaling – and sometimes surpassing – that of organizations’ technology teams,” Armis points out in the report. “Meanwhile, there’s the ongoing need to balance the security challenges of hybrid work.”
The company says it’s not just new threats and technological advancements that pose a risk. Today’s organizations and security teams, irrespective of size and stature, are engulfed in a deluge of data. “It’s not just information; it’s a tidal wave of potential threats, risks, vulnerabilities and anomalies,” the company explains. “This itself has become a colossal challenge, and one that’s only expected to get worse without action.”
Attacks Doubled in 2023
Armis’ security report highlights the key data points from 2023 and offers a snapshot into the global cybersecurity landscape. Here are some of the key highlights from the report:
- Cyberattack attempts rose by 104% in 2023.
- Attacks on manufacturing firms (in general) increased by 165%.
- Attack attempts on the utility industry rose by 200%.
- Older Windows server OS versions (2012 and earlier) are 77% more likely to experience attack attempts over 65,000 unique common vulnerabilities and exposures (CVEs) discovered in 2023.
- 93% of wearable devices have the highest percentage of unpatched CVEs.
- A third of all devices are still not patched for Log4Shell (a software vulnerability in Apache Log4j 2, a Java library used to log error messages in applications).
- The educational services industry has a significantly higher percentage of servers with unpatched weaponized CVEs (41%), compared to the general average of 10%.
- In the healthcare industry, 45% of personal computers are at risk.
How it all Went Down
According to Armis, the first half of 2023 saw more high-profile cyberattacks occurring than the second half. Some of the most highly-publicized attacks included the T-Mobile data breach and the PharMerica breach. The latter was the largest healthcare data breach to be reported by a single HIPAA-covered entity in 2023.
Armis says the second half of the year saw a consistent month-over-month increase in attack attempts of around 13%. This included attacks across an array of industries, including healthcare, finance and insurance, and transportation.
“As technology becomes more intertwined with our daily lives and the attack surface continues to grow, so does the threat of an attack,” the company says. “The repercussions of an attack or a breach can disrupt industries and services, compromise reputation as well as sensitive information, and, in some cases, pose threats to national security; something that became a common theme in the headlines [last year].”
Acting with Strategic Foresight
Cyber-resilience clearly came under attack in 2023, and Armis says the key is to learn from those experiences and deploy solutions that help IT and security professionals manage and cope with the deluge of data.
To companies that want to do a better job in this area, Armis says a good first step is to gain complete visibility into your “attack surface.” This involves identifying all devices—including known and unknown physical and virtual assets—that are connected to your network. It also advises companies to think proactively about cybersecurity instead of waiting for “something to happen” and being forced to make reactive moves.
“Organizations must go beyond reacting to opponents’ moves,” it says. “They must anticipate and counteract with strategic foresight.”