Executive Summary
In an era where cyber threats are becoming increasingly sophisticated and pervasive, corporations are intensifying their cyber preparedness to safeguard their assets and maintain operational integrity. This report, based on the S&P Global article "Corporates Up Their Cyber Preparedness As Cyber Attacks Become More Widespread" and supplemented by various cybersecurity sources, provides an in-depth analysis of the current threat landscape. It highlights the prevalence of cyber attacks across sectors and regions, the financial and operational impacts of these incidents, and the evolving corporate responses, including the role of cyber insurance.
Technical Information
The cybersecurity landscape in 2023 is marked by a significant increase in cyber attacks, particularly targeting sectors with extensive customer data or critical services such as IT, telecommunications, media, and retail. The United States leads in the number of cyber attacks, followed by Australia and the United Kingdom. This trend is driven by the rise in cyber-related disclosure requirements globally, which is expected to enhance transparency and risk assessment.
Data breaches and ransomware attacks are the most prevalent types of cyber incidents. The Verizon 2023 Data Breach Investigations Report identifies system intrusion and ransomware as leading security threats. Many of these attacks exploit vulnerabilities in third-party vendors, underscoring the need for robust third-party risk management. The financial and operational impacts of cyber incidents are profound, with companies like MGM Resorts International and Clorox experiencing significant disruptions and financial losses. Despite the growing reliance on cyber insurance, compensation often falls short of covering all losses.
Corporations are increasingly investing in cyber insurance to manage risks, with global premiums projected to reach $23 billion by 2025. Insurance providers are raising minimum cyber hygiene standards, which could improve corporate cybersecurity in the long term. Although cyber attacks have not directly impacted credit ratings, they pose a growing threat to credit quality, particularly for lower-rated companies with limited financial resources.
Exploitation in the Wild
The surge in ransomware attacks in 2023 was fueled by exploited vulnerabilities and stolen credentials, as reported by Cybersecurity Dive. Data breaches increased by nearly 20% in 2023, with cloud misconfigurations and new ransomware types being significant contributors, according to the Harvard Business Review. These incidents highlight the critical need for corporations to enhance their cybersecurity measures and remain vigilant against evolving threats.
APT Groups using this vulnerability
Advanced Persistent Threat (APT) groups have been increasingly targeting sectors with critical infrastructure and sensitive data. While specific APT groups exploiting these vulnerabilities are not detailed in the S&P Global article, it is well-documented that groups such as APT29 and FIN7 have historically targeted sectors like IT and telecommunications in regions including the U.S., Australia, and the U.K.
Affected Product Versions
The vulnerabilities exploited in these attacks often involve outdated or misconfigured software systems. While specific product versions are not detailed in the S&P Global article, it is crucial for organizations to ensure that all software and systems are up-to-date with the latest security patches and configurations.
Workaround and Mitigation
To mitigate the risks associated with these cyber threats, corporations must implement comprehensive third-party risk management policies, enhance employee awareness and technical training, and develop robust business continuity and disaster recovery plans. These strategies can significantly reduce the risk of phishing and other employee-driven vulnerabilities, as well as mitigate operational disruptions during cyber incidents.
References
S&P Global Ratings: "Corporates Up Their Cyber Preparedness As Cyber Attacks Become More Widespread" https://www.spglobal.com/ratings/en/research/articles/231025-corporates-up-their-cyber-preparedness-as-cyber-attacks-become-more-widespread-12886049
Verizon 2023 Data Breach Investigations Report https://www.verizon.com/business/resources/reports/dbir/
Cybersecurity Dive: "CVE exploits, stolen credentials fueled ransomware surge in 2023" https://www.cybersecuritydive.com/news/cve-exploits-stolen-credentials-ransomware-surge-2023/
Harvard Business Review: "Why Data Breaches Spiked in 2023" https://hbr.org/2023/07/why-data-breaches-spiked-in-2023
Rescana is here for you
At Rescana, we are committed to helping our customers navigate the complex cybersecurity landscape with our Continuous Threat and Exposure Management (CTEM) platform. Our solutions are designed to enhance your organization's cyber resilience by providing comprehensive threat intelligence and risk management strategies. We are here to support you in safeguarding your assets and ensuring business continuity. Should you have any questions about this report or any other cybersecurity concerns, please do not hesitate to contact us at ops@rescana.com.
Comments