Security operations by the numbers: 30 cybersecurity stats that matter
Enterprise IT and security operations (SecOps) leaders are under growing pressure from threat actors pounding away at their infrastructure defenses using a variety of new and proven tactics, techniques and procedures.
Phishing, vulnerability exploits, and credential theft continue to be popular vectors for initial access. But increasingly threat actors have also begun leveraging weaknesses in the software supply chain and — more recently — AI-enabled tools and techniques to break into organizational networks.
The trends have complicated an already complex cyber risk management challenge and heightened breach risks for many organizations. Here’s a curated list of 30 cybersecurity stats from reliable industry sources on some of the most important trends facing cybersecurity front over the past year.
Breaches and attacks
6.06 billion: The total number of malware attacks
The number of malware attacks for 2023 represented a 11% increase in malware attacks over 2022. Attacks involving cryptojacking increased 659% over the same period while those involving encrypted threats shot up 117%.
Source: 2024 SonicWall Cyber Threat Report, SonicWall
$4.45 million: The global average cost of a data breach
Data breach cost continue to tick upwards steadily. Between 2023 and 2023 the average cost of a data breach globally increased 15.3% from $3.86 million to $4.45 million.
Source: Cost of a Data Breach Report 2023, IBM
$1.68 million: Average data breach cost savings among DevSecOps adopters
Among organizations with a high level of DevSecOps adoption alongside robust incident response planning and testing had a higher success rate than others in containing the cost of a data breach.
Source: Cost of a Data Breach Report 2023, IBM
14%: Breaches in which a software vulnerability was used to gain initial access
In 2023, the percentage of incidents investigated that involved vulnerability exploits as an initial access vector tripled compared to the previous year.
Source: 2024 Data Breach Investigations Report, Verizon
68%: Breaches involving social engineering — or user error
The proportion of breaches involving the human element remained largely unchanged over the prior year, highlighting the importance of security awareness training.
Source: 2024 Data Breach Investigations Report, Verizon
37%: Percentage of breaches in 2023 that resulted in data theft
Other common post-compromise activity included financial gain (36%) and extortion (11%).
M-Trends 2024 Special Report, Mandiant
62%: Intrusions where attackers abused of valid accounts
Credential abuse — especially incidents involving the use of privileged domain accounts and default accounts — contributed to a high percentage of security incidents in 2023.
Source: 2023 Threat Hunting Report, CrowdStrike
160%: Increase in secrets and other credential attacks involving cloud metadata APIs
Threat actors are increasingly exploiting weaknesses in cloud environments to probe organizations for privileged credentials.
Source: 2023 Threat Hunting Report, CrowdStrike
266%: The increase in cybercriminal use of information stealers
Threat groups that previously specialized in ransomware have increased turned to infostealers for many of their campaigns. The most notable among these stealers were Rhadamanthys, LummaC2 and StrelaStealer.
Source: Threat Intelligence Index 2024, IBM X-Force
7.6 trillion: Attempts at unauthorized access via vulnerability exploit
The number of attempts that threat actors made in 2023 to gain unauthorized access to a protected system or service via a vulnerability exploit has increased steadily over the past decade — up 613% from 2013.
Source: 2024 SonicWall Cyber Threat Report, SonicWall
22.3%: Observed attacks that involved Living off the Land binaries (LOLBINs)
Of these 2023 LOLBIN attacks, more than nine-in-10 (92%) included Rundll32, Msiexec, and Mshta.
Source: ReliaQuest Annual Cyber-Threat Report: 2024, ReliaQuest
75.8%: Percentage of nation-state actor attacks involving Living off the Land techniques
Other common attack vectors that nation-state actors leveraged last year included custom malware (63.7%), off-the-shelf tools (62.6%) and software supply chain attacks (54.9%).
Source: 2024 Threat Hunting Survey, SANS Research Program
Vulnerabilities and threats
67%: Percentage of organizations with one critical vulnerability in their enviornment
Despite growing risks, many organizations lagged behind on vulnerability management last year. More than nine-in-10 organizations had at least one CVE in their environment with known exploits. Another 25% had five or more CVEs.
Source: Threat Intelligence Index 2024, IBM X-Force
260,773: The number of vulnerabilities, exploits, and zero-days from 1988-2023
Cumulative software vulnerabilities continued to present a major breach risk for organizations last year, as they have for more than three decades.
Source: Threat Intelligence Index 2024, IBM X-Force
84,245: The number of total vulnerabilities and zero-days with known exploits since 1988
While the cumulative number of flaws with known exploits is holding steady, only 7,506 of the vulnerabilities (7%) were zero-day threats.
Source: Threat Intelligence Index 2024, IBM X-Force
32%: Percentage of organizations able to evaluate AI-generated code for security risk, etc.
Despite burgeoning use of AI tools such as OpenAI Codex, ChatGPT and GitHub Copilot in software development, less than one-third of organizations have the ability to detect potential security issues, licensing and other quality issues in the code.
The State of Supply Chain Security Risks, Synopsys
74%: CISOs and security leaders who described AI-powered cyberthreats as significant
While Gen AI technologies such as ChatGPT and GitHub CoPilot are transforming enterprise IT infrastructures, a recent survey found they are also giving threat actors a handy way to refine their attacks.
Source: State of AI Cybersecurity 2024, Darktrace
60%: Security leaders who say their organizations are not prepared for AI-enabled threats
Nearly all IT and security leaders (96%) believe AI-driven security products will better prepare them for next generation AI-powered cyberattacks.
Source: State of AI Cybersecurity 2024, Darktrace
Software supply chain security
54%: The percentage of organizations that experienced a software supply chain attack
Fifty percent of the victim organizations took more than one month to respond to these attacks in 2023, while about 20% said their mechanisms for detecting and responding to supply chain attacks were ineffective.
Source: The State of Supply Chain Security Risks, Synopsys
15%: Percentage of software supply chain breaches involving a third-party
Incidents where an intrusion resulted from a software vulnerability or compromise at a third-party (data custodian or infrastructure provider) surged 68% last year, fueled largely by zero-day exploits.
Source: 2024 Data Breach Investigations Report, Verizon
28%: The increase in malicious packages on the npm and PyPI repositories
Attackers increasingly tried to breach enterprise software development environments last year by planting weaponized packages and libraries on two of the most widely used public code repositories.
Source: The State of Software Supply Chain Security 2024, ReversingLabs
11,000: The number of malicious packages uploaded to npm, PyPI and RubyGems
In many cases, threat actors uploaded malicious package that were obfuscated or encrypted making them hard to detect by conventional tools in 2023.
Source: The State of Software Supply Chain Security 2024, ReversingLabs
$45 billion: The global cost of software supply chain attacks
While the number in 2023 is staggering, by 2031 the financial costs to organizations globally from supply chain attacks will soar to $138 billion.
Source: 2023 Software Supply Chain Attack Report, Snyk
Ransomware
36%: The decrease in ransomware attacks globally year over year
Researchers recorded 317.6 million ransomware attacks last year, which represented a substantial year-over-year decline compared to 2022. All regions, including North America and Europe, witnessed a fall in ransomware volumes in 2023. The only exception was Asia, which experienced a sharp increase.
Source: 2024 SonicWall Cyber Threat Report, SonicWall
59%: The percentage of security leaders who say they have experienced a ransomware attack
Respondents in a survey of 5,000 IT and security pros noted the volume of reported ransomware attacks last year was lower than in the previous two years. In both 2023 and 2022, 66% of organizations experienced at least one ransomware attack.
Source: The State of Ransomware 2024: Sophos
49%: Ransomware attacks on average impacted 49% of a victim organization’s computers
Contrary to perception, ransomware attacks rarely result in all computers at an organization getting encrypted. In fact, only 4% of ransomware victims last year reported their full environment as being encrypted.
Source: The State of Ransomware 2024: Sophos
Incident response
10: The global median dwell time in days after an initial compromise
Enterprise organizations are getting better at detecting intruders in their environment. In 2022, the median dwell time (the duration for which an attacker remained undetected on a network) was 16 days. Ten years ago, that number was 205 days.
Source: M-Trends 2024 Special Report, Mandiant
54%: Organizations that learned about breaches, ransomware etc. from an external source
Most organizations still first learn about a security incident in their environment only from a security vendor, law enforcement agency, industry partner, customer or other external entity, such as a ransomware actor.
Source: M-Trends 2024 Special Report, Mandiant
58 minutes: The average MTTR to security incident for organizations using AI and automation
In contrast, organizations that utilized traditional incident detection and response mechanisms had an average MTTR (Mean Time to Respond) of 2.3 days
Source: ReliaQuest Annual Cyber-Threat Report: 2024, ReliaQuest
50.8%: Organizations that have implemented threat-hunting in their environment
Another 35% have implemented ad hoc methods to hunt down threats and 13% plan to implement a threat hunting capability soon.
Source: 2024 Threat Hunting Survey, SANS Research Program
*** This is a Security Bloggers Network syndicated blog from ReversingLabs Blog authored by Jai Vijayan. Read the original post at: https://www.reversinglabs.com/blog/secops-by-the-numbers-stats-that-matter