Business Email Compromise (BEC) Attacks Dominate Cybersecurity Threats; 70% of Businesses Targeted by BECs in 2023 [Source: PR NEWSROOM]
Snippet:
- Majority of business leaders view ransomware as top concern as demands increase, accelerating cyber insurance adoption;
- IT leaders anxiously await solutions to combat data exfiltration threats in 2024
Arctic Wolf, a global leader in security operations, published findings from its annual State of Cybersecurity: 2024 Trends Report, based on a global survey the company commissioned from Sapio Research of over 1,000 senior IT and cybersecurity decision-makers from over fifteen different countries.
The State of Cybersecurity: 2024 Trends Report provides security executives and practitioners with insights into the current and future state of the cybersecurity landscape so they can help their organizations deliver positive security outcomes in an ever-evolving threat environment and remain at the forefront of cyber defense.
The State of Cybersecurity: 2024 Trends Report provides security executives and practitioners with insights into the current and future state of the cybersecurity landscape so they can help their organizations deliver positive security outcomes in an ever-evolving threat environment and remain at the forefront of cyber defense.
Also Read: How Security Orchestration Automation and Response (SOAR) Streamlines Incident Response?
Key findings from the report include:
#1 Business Email Compromise (BEC) Now Top Method of Attack:
Almost three quarters (70%) of organizations were the targets of attempted BEC attacks in the last year, with almost a third (29%) of these targets becoming victims of one or more successful BEC occurrences.
#2 Successful Data Exfiltration Dominates Rampant Ransomware Attacks:
Nearly half (45%) of respondents claim their organization suffered a ransomware attack in the last 12 months, an increase from last year, with the majority (86%) of those attacks including successful data exfiltration.
#3 Breach Disclosure Regulations Are Forcing Transparency:
Two thirds (66%) of organizations that suffered a data breach in the last year chose to publicly disclose information regarding their incidents, while a third (30%) only disclosed their breaches to impacted parties.
#6 Cyber Insurance Is the New Table Stakes in Risk Management:
Cyber insurance demand and adoption is widespread, with an exceedingly small fraction (5%) of organizations deciding not to acquire coverage. Of the remaining organizations surveyed, the majority (66%) have an active cyber insurance policy, while a near additional third (29%) are in the process of obtaining or planning to obtain a policy this year.
#7 With Rise of Generative AI, Usage Policies Are a Priority for Organizations:
A staggering majority of organizations (94%) either currently have or plan to implement adoption and usage policies around generative AI and large language models (LLM) tools this year.
“This year’s insights highlight the increasing sophistication of threat actors and the realities of cyber incidents for organizations all around the world. Attackers are focusing on the human element, as evident with the overwhelming targeting via business email compromise. No matter the method of intrusion, the stakes are even higher for business leaders as most successful ransomware attacks involve data exfiltration,” said Ian McShane, vice president, Managed Detection and Response (MDR), Arctic Wolf.
Ian added, “While we are encouraged by the increased adoption of cyber insurance and incident response readiness programs, it is clear that there is still work to be done to overcome perennial challenges for cybersecurity leaders, including the increased financial and productivity losses due to ransomware.”
Also Read: Top 10 Cybersecurity Forecasts and Statistics of 2024
FAQs
1. What is a BEC Attack?
Business Email Compromise (BEC) attack is a phishing attack that targets tricking employees into performing harmful actions, which more often than not results in monetary loss for the company. This sophisticated method of attack involves impersonating trusted individuals or entities to deceive employees into transferring funds or disclosing sensitive information. BEC attacks are highly damaging and costly and represent a serious threat to businesses worldwide, with losses amounting to billions of dollars annually.
2. What are data exfiltration threats?
Data exfiltration, also referred to as data extrusion or data exportation, entails the deliberate and unauthorized transfer of data from a computer or device, constituting data theft. This process can occur either manually or through automated means, often facilitated by malware.
3. How to implement MDR Solutions against cyber threats?
Implementing MDR solution against cyber threats includes the following steps:
Step 1: Prioritize
MDR empowers security teams to manage the storm of alerts by separating false positives from real threats.
Step 2: Hunt
MDR threat hunts proactively 24/7 to uncover stealthy cyber threats.
Step 3: Investigate
Deep threat investigation by MDR analysts provides complete context for response planning.
Step 4: Remediate
MDR acts to neutralize cyberattacks and restore network integrity.
Step 5: Neutralize
Analysts conduct root cause analysis to eradicate attackers and prevent future threats.
4. Top features of an MDR solution:
1. Continuous Monitoring
2. Automated Incident Response with SOAR
3. Advanced Threat Detection
4. Cloud Monitoring
5. Vulnerability Scanning
5. Top AI-powered MDR vendors
- Arctic Wolf Networks
- CrowdStrike
- SentinelOne
- Sophos
- Rapid7
[To share your insights with us as part of editorial or sponsored content, please write to sghosh@martechseries.com]
