There are more attacks and they are of greater severity, but organizations are increasingly prepared to protect themselves from them, to the point of internalizing their defense as a process. That is one of the main conclusions of the Cybersecurity Trends Report 2023 published by Sofistic, the cybersecurity division of the technology company Cuatroochenta, which analyzes the results of a representative sample of audits and monitoring of its SOC (Security Operations Center) carried out on Spanish and Latin American companies during 2022.
Sofistic's SOC (Security Operations Center) in Spain.
The number of cybersecurity alerts monitored by Sofistic's SOC has increased by a factor of 2.5 and incidents managed by 3 in 2022. For their part, pentest or audit statistics reveal that almost 30% of the vulnerabilities detected last year were of high and critical severity, the latter having increased the most, by 165% compared to 2021.
«The main factor that explains this evolution is the lack of updating in infrastructures, especially internal ones, where security tends to be more neglected because it is a supposedly controlled environment. The fact that there is a high percentage of criticality poses a high-risk scenario, as it means that organizations may have highly exposed services and machines, giving cybercriminals the option of taking control and seriously compromising their operations»
Raising awareness: cybersecurity as a process
The Sofistic report also concludes that cybersecurity is beginning to be treated as a relevant process within companies, with specific plans. "The increase in critical attacks, to all types of companies, but especially to those that are engaged in an activity and handle more sensitive information, has ended up making them aware to the point of understanding cybersecurity as a strategic investment and not as an expense," he stresses.
This is demonstrated by the significant increase in audits of all types based on artificial intelligence, with an increase of 112% in external and internal infrastructures and 71% in cloud and Microsoft 365 environments, related to the massive migration to the cloud during the pandemic.
In terms of the main vulnerabilities detected, the report identifies cryptographic flaws (lack of encryption, insecure algorithms or outdated software), poor access control, configuration errors (often due to outdated protocols) and breaches via VPN and insecure WiFi as the most common.
Phishing: we sting less, but still leave data behind
In the 2022 social engineering audits Sofistic detects an overall decrease in the number of users interacting with phishing emails, with a reduction in the number of those who open the messages (28% less) and those who click on links in the fraudulent emails (-40%). However, proportionally (down only 5%) there continues to be a significant number who do provide data, for example, by entering information in a form.
"The increase in social engineering audits, to understand and improve the level of awareness of the workforce, is a very positive development, since people are the main attack vector for cybercriminals: the higher the level of awareness, the greater the resilience to a cyberattack". The study, however, points out that 1 in 10 users still enter their credentials in phishing attacks.
The typology of incidents investigated by Sofistic's SOC "shows that the priority of cybercriminals is to obtain valuable information and confidential or sensitive documentation, such as lists of users with personal data, in order to extort a ransom from their victims". Thus, incidents related to different phases of ransomware attacks account for nearly 70% of the total, such as privilege abuse, exploitation of vulnerabilities in exposed systems that have not been updated, or attempts at data exfiltration.
Finally, a high growth of audits that until recently were a minority, such as those of blockchain or OT environments, which have tripled and doubled, respectively, is credited, which "represents a major challenge from the point of view of cybersecurity due to its complexity".
Cybersecurity recommendations for 2023
Sofistic closes its report with a series of cybersecurity recommendations for businesses inferred from its findings, including:
Review configurations, update systems, reduce unnecessary service exposure and monitor servers through a SOC.
Zero Trust Model. The evolution and sophistication of attacks in increasingly hybrid environments, where telecommuting is common and the security perimeter is blurred, makes the optimal protection strategy zero trust, with strict authenticity verification for every person and device attempting to access resources on a private network regardless of location.
Protect credential management with the support of tools that allow us to unify authentication, segregate permissions following the principle of least privilege and use multiple factors and identify risk access without blocking the company's operations.
Continue to focus not only on awareness, but also on constant training in cybersecurity for employees, and to ensure that this is translated into clear procedures that are actually complied with.
The Cybersecurity Trends Report 2023 is based on a representative sample of the work carried out by the Sofistic team in 2022, consisting of the analysis of 1,200 vulnerabilities in 150 security audits and the results of monitoring 100,000 alerts and 1,500 incidents in its SOC. The study is mainly based on critical infrastructures (energy companies, water management, airports and hospitals), the financial sector, industry and services in Latin America and Spain, although the conclusions and recommendations it puts forward can be extended to any organization.
0
vulnerabilidades analizadas
0
alertas monitoreadas en su SOC
0
incidentes monitoreados en su SOC
Sofistic is Cuatroochenta's cybersecurity division. Specialized in critical sectors, banking and health, it offers both preventive and proactive protection and an effective response to incidents supported by the most advanced software, without interfering in business efficiency. With extensive experience and a track record of 14 years, it has its own 24/7 SOC (Security Operations Center) to monitor the cybersecurity of companies and institutions in Latin America and Spain. It also offers security audits (pentest) and managed security services (MSSP) in MDR (Managed Detection and Response) mode, through Crowdstrike, Darktrace and Exabeam software; in addition to Microsoft cybersecurity tools. Both the team and the company have a wide range of security certifications, including ISO27001 and ENS.
