Computer hackers were busy in 2023, more than doubling their global attack attempts, with a particular focus on utilities and manufacturing organizations, according to a report from Armis, a San Francisco-based asset intelligence cybersecurity company.
Attack attempts increased 104% overall last year, but the increase was even greater for utilities (over 200% increase) and manufacturing (165% increase), the firm said in its report, “The Anatomy of Cybersecurity: A Dissection of 2023's Attack Landscape.” Armis said its report highlights the multifaceted challenges global organizations face when it comes to protecting their “attack surface,” which includes the entire variety of technology devices that are vulnerable to cyberattack.
Among its key findings, the Armis report found that geopolitical tensions exacerbated the cybersecurity landscape in 2023. For example, cyberwarfare grew more widespread as Chinese and Russian actors attacked industries in the areas of manufacturing, educational services, and public administration.
Second, the report found that outdated “legacy” technology steepens the incline of cybersecurity pros’ existing up-hill battle. As an example, older Windows server OS versions (2012 and earlier) are 77% more likely to experience attack attempts compared to newer Windows Server versions. The threat is particularly acute for industries still using end-of-support (EoS) or end-of-life (EoL) software and hardware.
Third, many businesses struggle to prioritize and remediate their vulnerabilities. One reason is their sheer number; there were over 65,000 unique common vulnerabilities and exposures (CVEs) discovered in 2023 alone. Of those, wearable devices have the highest percentage (93%) of unpatched CVEs. But organizations have a poor track record of fixing those security gaps for other devices too, with patch rates at just 62% for non-weaponized and 61% for weaponized vulnerabilities.
“Armis found that not only are attack attempts increasing, but cybersecurity blind spots and critical vulnerabilities are worsening, painting prime targets for malicious actors,” Nadir Izrael, Armis’ CTO and co-founder, said in a release. “It’s critical that security teams leverage similar intelligence defensively so that they know where to prioritize efforts and fill these gaps to mitigate risk. We hope that by sharing these insights, global businesses and governments will leverage them to immediately pinpoint what they should be focusing on to improve their cybersecurity posture this year to keep critical infrastructure, economies and society safe and secure.”
