Want to get the best bird's eye view perspective on the cybersecurity risks and threats landscape? Review the annually produced reports by leading firms that exercise their in-depth industry expertise, connections and exposure to highlight the landscape and key trends.
We scour all available reports so we here at SEIRIM are as well-informed as possible regarding trends and insights to help benefit our cybersecurity clients.
From our perspective, the following reports provided the most authoritative and useful reviews of the previous year:
2023 Microsoft Digital Defense Report
Great for: Understanding trends, potential blindspots in organizations, and how to prioritize mitigation efforts.
2023 Data Breach Investigations Report
Great for: Easy to understand takeaways, breakdowns of threats, attack types, categories and more. This may be a good document to share with an executive for them to understand the cybersecurity the most readily and quickly.
Example takeaway: 74% of all breaches include the human element, with people
being involved either via Error, Privilege Misuse, Use of stolen credentials or Social Engineering.
https://www.elastic.co/explore/security-without-limits/global-threat-report 2023 Elastic Global Threat Report
Great for: Overviews and understanding of specifics and categorizations of code threats, like the details of the top ransomware families:
https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2023/ ESET Threat Report H2 2023
Great for: More in-depth, case study presentations to understand threats in more detail.
SANS: https://www.sans.org/white-papers/2023-cti-survey-keeping-up-changing-threat-landscape/ SANS 2023 Cyber Threat Intelligence Survey
Great for: Workers in cybersecurity to glance at the concerns of other industry insiders.
SANS: https://www.sans.org/white-papers/sans-2024-threat-hunting-survey-hunting-normal-within-chaos/ SANS 2024 Threat Hunting Survey
Great for: Workers cybersecurity threat hunting to glean industry insights on trends and areas of focus.
Delinea: https://delinea.com/resources/ransomware-2024-research-report State of Ransomware 2024
Great for: Quick overview of ransomware threats and mitigation efforts.
Fortinet: https://www.fortinet.com/demand/gated/threat-report-1h-2023 FortiGuard Labs 1H 2023 Global Threat Landscape Report
Great for: Details and specifics on attack types and methods.
Example takeaway: "The count of unique exploit detections is up 68% over the past five years. This indicates that we have more ways to detect malicious attacks today than we have previously. Additionally, it demonstrates that attackers are multiplying and diversifying their exploits. But at the same time, we observed a 75% drop in exploitation attempts per organization and a 10% dip in severe exploits."
Sophos: https://news.sophos.com/en-us/2024/03/12/2024-sophos-threat-report/ 2024 Sophos Threat Report
Great for: Understanding threats to small and medium sized businesses.
Example takeaway: "Attackers have stepped up the use of web-based malware distribution—through malvertising or malicious search engine optimization (“SEO poisoning”)—to overcome difficulties created by the blocking of malicious macros in documents in addition to using disk images to overwhelm malware detection tools"
Accenture: https://www.accenture.com/us-en/insights/security/state-cybersecurity State of Cybersecurity Resilience 2023
Great for: Understanding the conceptual integration of cybersecurity into the broader business scope considerations.
Example takeaway: "96% of respondents whose organizations substantially automate their
cybersecurity programs recognize that automation helps them alleviate cyber talent
shortages, a key challenge for any company seeking cyber resilience."
PwC: https://www.pwc.com/gx/en/issues/cybersecurity/global-digital-trust-insights.html # 2024 Global Digital Trust Insights
Great for: One of the best surveys and reviews for executive insights on the prioritization of defensive efforts and spending for organizations. Good info on risks, mitigation efforts, regulatory and tech evolutions.
CrowdStrike: https://www.crowdstrike.com/global-threat-report/ Global Threat Report 2024
Great for: Specifics on APTs, geopolitical activity and case studies with informative detail. Good for attack vector and type perspectives.
Mandiant / Google: https://www.mandiant.com/m-trends M-Trends 2023 https://www.mandiant.com/resources/reports/cybersecurity-forecast-2024 Google Cloud Cybersecurity Forecast 2024
M-Trends is great for: Detailed trends over time of attack types and vectors. (look for a new one for 2024 to publish soon)
Cybersecurity Forecast is great for: General, high-level awareness overviews, good summary of all potential risk types to be aware of.
IBM: https://www.ibm.com/reports/data-breach Cost of a Data Breach Report 2023
Great for: Understanding costs of data breaches (obviously) but also how impacts have been and can be reduced for organizations going forward. Good perspectives and info for executives.
Example takeaways: "1 in 3: Number of breaches identified by an organization’s own security teams or tools. Only one-third of companies discovered the data breach through their own security teams, highlighting a need for better threat detection. 67% of breaches were reported by a benign third party or by the attackers themselves. When attackers disclosed a breach, it cost organizations nearly USD 1 million more compared to internal detection."
"$1.49M Cost savings achieved by organizations with high levels of IR planning and testing. In addition to being a priority investment for organizations, IR planning and testing emerged as a highly effective tactic for containing the cost of a data breach. Organizations with high levels of IR planning and testing saved USD 1.49 million compared to those with low levels."
IBM: https://www.ibm.com/reports/threat-intelligence IBM X-Force Threat Intelligence Index 2024
Great for: Understanding threats, their trends and some insight into mitigations.
Example takeaway: "The biggest shift the IBM X-Force team observed in 2023 was a pronounced surge in cyberthreats targeting identities. Attackers have a historical inclination to choose the path of least resistance in pursuit of their objectives. In this era, the focus has shifted towards logging in rather than hacking in, highlighting the relative ease of acquiring credentials compared to exploiting vulnerabilities or executing phishing campaigns."
Palo Alto Unit 42: https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report 2024 Unit 42 Incident Response Report
Great for: Understanding threats from detailed case studies exploring the how and why of the attacker's progress and successful responses repelling them. Full of practical advise to put into action for defenders.
VirusTotal:
### Governmental:
European Union Agency for Cybersecurity (ENISA) https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023 ENISA Threat Landscape 2023
Example key takeaway: ETL 2023 identified public administration as the most targeted sector (~19%), followed by targeted individuals (~11%), health (~8%), digital infrastructure (~7%) and manufacturing, finance and transport.
Australian Signals Directorate (ASD) Australian Cyber Security Centre (ACSC): https://www.cyber.gov.au/about-us/reports-and-statistics/asd-cyber-threat-report-july-2022-june-2023 ASD Cyber Threat Report 2022-2023
Great for: Easy to understand summary of trends statistics,
U.K. Government: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Cyber security breaches survey 2023
Great for: Understanding the cybersecurity environment in the UK and separate from US statistics.
Example takeaway: "32% of businesses and 24% of charities overall recall any breaches or attacks from the last 12 months. This is much higher for medium businesses (59%), large businesses (69%) and high-income charities with £500,000 or more in annual income (56%).
This is a decrease from 39% of businesses and 30% of charities in 2022. The drop is driven by smaller organisations – the results for medium and large businesses, and high-income charities, remain at similar levels to last year."
U.S. National Security Agency: https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3621654/nsa-publishes-2023-cybersecurity-year-in-review/ Cybersecurity Year in Review 2023
Great for: Understanding activities of Advanced Persistent Threats and governmental actions to increase national and economic sector security. Good insights on future (well, now current), advanced and edge-case threats like AI, cryptography concerns and more.
The annual reports are great tools for sharing information with executives to help them better understand the risks, trends and importance of awareness to current cybersecurity issues. Also key for industry insiders to amke sure they don't have any blindspots and are always challenging their assumptions. Happy reading!
Review of the top annually produced cybersecurity threat and intelligence trends covering 2023.
Discussion about how to overcome team conflicts and project delays in IT and web development projects.
Follow these steps and consider these tools to get your company cyber secure.
Top 12 social media for businesses to promote with in China
As a website owner, cybersecurity should be a top priority.
QA takes work! We use the best tools and processes to make it easier.