Cybercrime is becoming more sophisticated and better resourced, leading to advanced tactics and attacks that are putting cybersecurity to the test. However, that security is working. Despite a big surge in attacks—over 600 million each day—the walls are holding. Even though ransomware attempts have increased 2.75 times, successful attacks have dropped three-fold.
This information from Microsoft's new Digital Defense Report 2024 reveals that modern cybersecurity methods keep organisations safe. But not all cybersecurity is alike, and the report also shows how to distinguish successful security measures from those that are behind the curve.
Here are three observations from Performanta on the report's findings:
Organisations must focus their cybersecurity priorities
Regular readers of our blogs will know that Performanta supports risk-based approaches to cybersecurity, such as Gartner's CTEM framework. The idea is that not all of a company's assets are of interest to criminals. Rather than secure everything equally, identify and handle the priority targets first.
Microsoft's report agrees: attackers are very interested in less than 1% of organisational assets. However, 80% of organisations have attack paths that expose critical assets, and "it is imperative to thoroughly map an estate's 'crown jewels.' This can include critical servers, highly privileged identities, sensitive data, or other assets."
This approach doesn't mean ignoring security elsewhere. Many attacks start with a soft target that gives a toehold that attackers can exploit. Companies should apply good cybersecurity standards across the board: examples include regular patching, staff awareness, penetration testing, and protecting credentials with good passwords, multi-factor authentication, and passkeys.
Yet, without knowing what the most critical assets are, cybersecurity can flounder in the dark. The most effective approach is to design security through risk, which is why Performanta has the market's first Risk Operations Centre as part of our Safe XDR service.
Ransomware thrives on social engineering and unmanaged devices
Ransomware attacks are thriving. These attacks have grown 2.75 times year-on-year and are becoming more sophisticated. Attackers now often tamper with security solutions, disabling protections so that they can launch their encryption attacks.
According to the report, "in May 2024, Microsoft Defender XDR detected over 176,000 incidents involving tampering with security settings, impacting more than 5,600 organisations."
This trend underscores the importance of staff training and estate visibility. Staff training is crucial since social engineering tactics are the most prevalent way that attackers gain initial access. Phishing via email, voice, and SMS is the most commonly used social engineering attack.
Criminals often target public-facing and unpatched operating systems, quickly exploiting any new common vulnerabilities. Besides targeting people and public-facing systems, criminals exploit unmanaged devices. The report observed "remote encryption in 70% of successful attacks, with 92% originating from unmanaged devices in the network."
Visibility and device management are crucial. At Performanta, we use our in-house platform Encore to help customers check their estate in real time to track patching and other security vulnerabilities, and ensure that security services remain active.
Nation-state cyberattacks are spilling over
There is an astounding statement on page 22 of the report: "The rise and the pace of nation-state sponsored attacks has escalated to the point there is now effectively constant combat in cyberspace."
Many still see this as separate from commercial cybercrime, but those lines have gone from blurred to almost indistinguishable. Microsoft notes that during 2024, state-affiliated groups have overwhelmingly started to use criminal tools and tactics and expanded their collaboration with cybercrime cartels.
Hybrid warfare in regions such as Eastern Europe and the Middle East fuels the fire, where AI-powered cyberattacks and digital propaganda support military campaigns. Countries are also exploiting the chaos to line their pockets—for example, North Korean hackers have stolen over $3 billion in cryptocurrency since 2017.
Why is this a concern for companies? There was a time when nation-state attacks only targeted other sovereign assets. But criminals have more access to those methods and resources. One consequence is a dramatic rise in attacks targeting operational technologies (OT) that run public infrastructure, manufacturing facilities, and much else in the industrialised world.
Companies can respond with proactive security detection that continually looks for threats. The most effective model is working with a robust managed security provider and its countermeasure systems. Performanta combines risk management, security operations, and fast event resolution to rapidly detect and deter attacks. We work closely with top vendors such as Microsoft to access the latest security intel and deploy countermeasures to key threats.
Protect your business with knowledge and Performanta
Microsoft's Digital Defense Report 2024 contains excellent insights. If you are pressed for time, browse the excellent summary page, and if you want to ensure your company is secure, talk to Performanta. We make sure your business, devices, data, and people are cyber-safe.