More than one in five cybersecurity professionals report having had a cyber hit requiring immediate attention despite having threat-based detection and response security measures in place. According to the 2024 Cyber Risk Landscape Peer Report, a survey conducted by cybersecurity firm Criticalstart, 2023’s figure of 83 percent represents a 21 percent increase from 2023.
Criticalstart also reports a sharp rise in the cost of data breaches. The average cost of a data breach reached an all-time high of $4.45 million in 2023 – a 15 percent increase over the past three years. Organizations with under 500 employees reported an average breach-impact increase from $2.92 million to $3.31 million—a rise of 13.4%.
“Instead of aiming for zero risk, which is unrealistic, organizations should invest in cybersecurity measures that balance cost with the ability to manage and mitigate the impact of breaches,” says Criticalstart.
Cybersecurity lagging behind threat actors
Most cybersecurity solutions, even those that focus on real-time threat detection, are now seen to be lagging behind the threat actors. There have been technological advances that have enabled threat actors to bypass existing cyber defenses. Artificial Intelligence (AI), for example, now enables cybercriminals to carry out social engineering – examining a potential victim’s online presence in order to craft a convincing ‘spear phishing’ email purporting to come from a trusted source. AI-driven software also enables threat actors to send out thousands of such emails at a time. There is also a growing abundance of off-the-shelf software designed to make cybercriminals’ lives easy.
Last year saw exponential growth in the number of organizations impacted by supply-chain attacks. According to the 2023 data breach report from the Identity Theft Resource Center (ITRC), the number of organizations impacted has surged by more than 2,600 percent since 2018, affecting over 54 million victims. The reason behind this dramatic rise is that most organizations’ supply chains are continuing to grow exponentially as staff routinely bypass their IT department to download all kinds of useful pieces of software. Unfortunately, any supply chain is only as strong as its weakest link.
The fact that organizations are becoming increasingly blindsided by attacks that sidestep their defenses means that they must cease to see cybersecurity as either an outsourced cost issue or an offshoot of the in-house IT department. Cybersecurity must now be brought center stage and must be woven through the company’s practices and compliance. All new software services must be vetted by the IT department, and all staff, particularly the higher echelons of management, must be educated to use Zero Trust when dealing with all incoming communications.