As children, we all had our bogeyman. Whatever it was that frightened us, we understood that as we grew older—and stronger, and more knowledgeable—those bogeymen, conversely, would become less frightening.
Not so in the world of cybersecurity. Unfortunately, it has proven much more difficult to outgrow the risks of real-world cyber criminals than it was to outgrow the make-believe monsters that once lived in our closets.
As our knowledge and experience in the cyber world increase, the various bogeymen we now face only grow bigger, stronger and faster. Bad actors are simply more capable of wreaking more havoc more quickly than ever before. A cyberattack that used to take weeks to unfold now occurs in a matter of days. Yesterday’s adequate defenses quickly become today’s visible but ineffective security facades—the cyber equivalent of pulling the covers over one’s head and hoping for the best.
Unfortunately, this reality is turning many organizations into mere statistics. As seen among the cybersecurity trends noted in an extensive collection of recent cyber reports spanning myriad industries, the trouble often boils down to two main culprits: innovative external threat actors and an increase in human error.
External threat actors
According to Verizon’s Data Breach Investigations Report (DBIR)—an industry staple, providing in-depth analysis and information about security incidents and data breaches—65% of breaches were the result of external threat actors and 35% (an increase of 20% over the prior year) were attributed to individuals within the organization. Yes, the external bogeymen are still on the scene and have grown more creative and aggressive. But we must also worry about our own employees exposing our systems and data or otherwise leaving us vulnerable to attack.
Consider CrowdStrike’s Global Threat Report, which provides threat intelligence and an overview of the tactics, techniques and procedures (TTPs) used by cyber adversaries. Their 2023 report highlights a variety of TTPs at work, including identity-based attacks (emphasizing the importance of protecting user credentials), the surge of cloud intrusions (as noted by a 75% increase in cloud environment intrusions from 2022 to 2023), third-party exploitation (documenting the risk continually posed by supply chain vulnerabilities) and even malware-free attacks (which increased by 60% in 2023) as adversaries adopt more subtle methods like credential phishing and social engineering.



