CyberEdge 2023 Cyberthreat Defense Report

CyberEdge 2023 Cyberthreat Defense Report
6 minute read

CyberEdge’s 2023 Cyberthreat Defense Report (CDR) has become the standard for assessing organizations' security posture, gauging perceptions of IT security professionals, and determining current and planned investments in IT security infrastructure.

Now in its 10th year, the 2023 CDR assesses the views of 1,200 IT security professionals representing 17 countries and 19 industries. It offers the most geographically comprehensive view of IT security perceptions in our industry, and ZeroFox is proud to be a sponsor. In this blog, we’ll review key findings from the report to help inform where you should focus your security efforts in 2023 and beyond.

Key Insights & Findings

  • 85% of organizations suffered at least one successful cyberattack last year.
  • A record 73% of organizations were compromised by ransomware last year.
  • Double and triple extortion ransomware attacks are now the norm.
  • Funding for security is rarely an issue. The typical enterprise IT security budget is increasing by more than 5% this year.
  • Malware, account takeover attacks, phishing, and ransomware are the most feared cyberthreats.
  • Among web and mobile attacks, personally identifiable information (PII) harvesting and account takeover (ATO) attacks are the most prevalent and concerning.
  • Among major IT domains, security teams are most worried about protecting industrial control systems (ICS), IoT devices, mobile devices, and APIs.

Top Cyber Threats According to Security Professionals

When asked to rate their overall concern for which cyber threats they felt the most concerned about, survey respondents said malware, account takeover attacks, phishing, and ransomware were ranked as the most-feared cyberthreats.

Malware: Malware has been at the top of the list since 2016, as it is not only a threat in itself but also a common element of many types of attacks, including ransomware, advanced persistent threats, and zero-day attacks.

Account Takeover Attacks (ATOs): ATOs retained the second slot on the list as a significant threat. Once an attacker gains access to an account, they can carry out a wide range of malicious activities, such as stealing personal or financial data, making unauthorized purchases or transactions, distributing spam or malware, and using the hijacked account to launch further attacks on other users or organizations.

Phishing/Spear-Phishing Attacks: Despite increases in training on identifying phishing attempts, humans remain the weakest link in IT security, and a lack of security awareness among employees remains a pressing concern. 
Ransomware: Although ransomware dropped from third to fourth place behind phishing this year, it remains one of the most devastating types of attacks for any organization. Despite security teams increasing investments in detecting ransomware and in backing up data, ransomware continues to be a significant threat.

Double and triple extortion ransomware attacks are now the norm

Double or more extortion ransomware is real, and very common. Once "ransomware" was synonymous with encrypting files. Now, it can involve one, two, or more threats on top of that, such as publicly releasing exfiltrated data and launching DDoS attacks to amplify pressure on victims. In fact, it usually does. Only 21.6% of ransomware attacks last year involved encryption alone. A second threat was involved in 40.9% of attacks, while 30.4% included three threats, and 72% incorporated four.

Good and bad news on ransomware: Successful attacks are up, ransom demands are bigger, but the percentage of organizations paying ransoms fell.

Double and triple extortion ransomware is now the norm: More than three-quarters of ransomware attacks (78 4%) now include two or more threats.

Assessing Security Posture

When asked to rate the adequacy of their organization’s security capabilities, IT professionals ranked attack surface reduction, third-party-risk management, user security awareness, and brand protection the lowest.

Attack Surface Reduction: While organizations are relatively happy with their capabilities for identity and access management, they are not making progress in attack surface reduction. This indicates that organizations are facing increasing challenges in identifying and eliminating unnecessary and vulnerable access points that can be exploited by attackers.

Third-Party-Risk Management: The report indicates that organizations continue to face difficulties in identifying and assessing risks associated with third-party vendors, implementing controls to mitigate those risks, and monitoring the vendors for compliance with security requirements.

User Security Awareness: While organizations have made great strides in cyber security education efforts, human error continues to be the most common point of entry for threat actors.

Brand Protection: Brand protection is an essential component of cybersecurity as it helps to safeguard an organization's reputation and financial well-being. Failure to protect a brand can result in lost revenue, reputational damage, and legal liability, making it a critical aspect of an organization’s cybersecurity strategy.

ZeroFox Helps IT Professionals Meet All of These Challenges

Threat Intelligence

ZeroFox makes intelligence collection and incident response investigations more efficient by providing broad and deep proprietary threat data at your fingertips. From compromised botnet credentials, recent malware and ransomware activity, archived Discord chatter to finished industry threat reports, ZeroFox provides an unrivaled breadth of intelligence that enables security teams to remain continuously informed about threats to their organization.

Digital Risk Protection

ZeroFox solutions help secure organizations from external threats and reduce attack surface exposures, including account takeovers (ATOs), impersonations, compromised credentials, spoofed domains, scams, and fraud in which attackers exploit brand IP, logos, messaging, executive personas, product photos, and more to defraud customers.

ZeroFox is recognized by Forrester as best-in-class for brand threat intelligence and takedown services. Our brand protection solutions empower security teams of all sizes to proactively mitigate external threats and protect revenue, reputation, and customer engagement.

Adversary Disruption

ZeroFox's Disruption Solution provides the automation and expertise to block and take down threats and impersonations across virtually any digital network, channel, global region, and use case. You can leverage a comprehensive level of threat takedown and remediation coverage across social media, global web domains, blogs, mobile app stores and APK sites, marketplaces, PII data brokers, and more.

Incident & Breach Response

Proven and trusted, ZeroFox offers leading response products and services with rapid mobilization capabilities to respond to our customers' incident and data breach needs.

With more than 20 years of response expertise, the ZeroFox team is the trusted go-to partner for best-in-class response products and services. Our incident response team is there to help organizations prepare, identify, analyze, contain, and monitor cybersecurity incidents. And our data breach response team provides flexible solutions to help notify and protect the impacted population after a data breach has occurred.

Know What You’re Up Against, Download the Report

As cyberattacks continue to evolve and increase in sophistication, it's more important than ever for organizations to understand the threats facing them and have a comprehensive cybersecurity strategy in place. To learn more about where organizations need to increase their security posture, download the full report here.

See ZeroFox in action