In 2023, ten groups caused 44% of cyberattacks, impacting IT, telecoms, and SMEs globally, with widespread software compromises.
In 2023, a surprising fact emerged: just a handful of masterminds, ten (10) to be exact, were behind nearly half of all the cyber mischief.
So, 44% of last year's cyber incidents? All thanks to ten groups. A report from SecurityScorecard spills the beans on where these threats come from and who's at the front line. Spoiler alert: it's not good news for supply chains, with a staggering 98% of organizations using compromised software.
The biggest players in this cyber saga include the Russian-backed АРТ28 and the Cobalt Group, known for their financial sector heists since 2016. These guys aren't just local; their infrastructure's mostly in China and Russia, but their reach is global.
Who's getting hit the hardest? The IT and tech industries, closely followed by sectors we can't afford to have compromised – like telecoms and government. This screams for a team-up in managing cyber risks. Also, a country's wallet size (GDP, in fancy terms) seems to play a role in its cyber vulnerability. Northern Europe's doing pretty well in cybersecurity, while Central Asia? Not so much.
Small and medium enterprises (SMEs) are up to their necks in this too. Half of them had a cyber incident last year, according to Sage, an accounting software firm. Roche Healthcare, one of Sage's clients, had a particularly tough time when their data host was attacked. Turns out, cyber trouble is a frequent guest for many SMEs.
Despite these challenges, SMEs are stepping up their game. Most have beefed up their security, with a strong emphasis on cyber resilience. But it's not all smooth sailing. Remote working and cloud migration are making things tricky, and staying ahead of new threats like phishing and ransomware is a major headache.
SMEs are shouting for more help, especially from the government, to boost their cyber defenses. The GDPR regulation is one example of how clear guidelines can make a difference. The UK government, while not planning a GDPR-like law for cybersecurity, is looking into why SMEs are dialing back their security spending.
In a nutshell, cybersecurity in 2023 was a rollercoaster, with a few key players causing major disruptions. It's a wake-up call for everyone, from giant corporations to the corner store, to buckle up and take this digital threat seriously. The battle against cyber bad guys is on, and it's about time we all joined forces.