Copy of Stay Ahead of Cyber Threats: Key Findings from IBM’s Latest Report


IBM X-Force Threat Intelligence Index 2024 TL;DR

X-Force is a global IBM team, operating in 170 countries, made up of ethical hackers, incident responders, researchers, and analysts. They have a huge empirical database, so identifying trends is not just their shtick, it’s also incredibly reliable information.

The X-Force Threat Intelligence Index Report for 2024 details the major cyber threat trends they observed in 2023. As you can guess, it’s lengthy but full of useful information for anyone in an IT, compliance, technology, or cybersecurity-related role.

IBM cybersecurity expert/engineer Jeff Crume gave a TL;DR version of the report, including the theme underlying every type of threat and steps to avoid these threats.


The Top Cyber-Attack Threat Trends

Identity and Access Management

The report took a look at the initial access vectors, or the ways hackers are trying to break into your system from the start. The most common access points, comprising about 30% of attacks each, are:

  1. Valid Accounts: They observed a 71% increase in these attacks, YOY.
  2. Phishing: These are strongly related to using valid account log-ins to gain access, since the purpose is to steal your credentials in one of two primary ways (attachments or sending links).
  3. Public-Facing Apps: As with the previous two, bad guys know it’s easier to log in than to hack in.


Data

Data theft and data leakage increased 19% from 2022 numbers. It also likely relates to “info stealers,” hackers who send some sort of malware, perhaps in an email or even a publicly available app. Your system gets infected after the software is executed. Their malware then grabs information, often your credentials, and sends it back to the bad guy.

This particular threat has increased by 266% YOY.



Applications

Part of the X-Force Report details updates to the OWASP—Open Worldwide Application Security Project—which includes a list of the top application security vulnerabilities, including:

  1. Incorrect system configuration (i.e., not changing the default settings).
  2. Identity and authentication failures (i.e., crappy/default passwords left in place).
  3. Access control.


And so on. More importantly, these all relate to identity and access management—the overriding theme of 2023 failures. The bad guys want your info like a dog wants peanut butter.


How to Protect Yourself from Becoming a Trend “Follower”

The good news is the X-Force found that 84% of the attacks on critical infrastructure could’ve been prevented by using one or more industry best practices. (Doh!)

These are the tried and true, albeit boring, methods you may have already heard about 87 times, relative to each trend listed above.


Make It Harder for Bad Guys to Log In

  • Leverage multi-factor authentication.
  • Use passkeys based on the FIDO industry standard to eliminate the need for users to remember complex passwords, which they usually don’t and end up simplifying to easier ones—a “Welcome” sign to hackers. (We’ll talk more about passkeys in our August newsletter!)



Encrypt and Back Up Your Data

Guess what happens when you’re the victim of a ransomware attack if you have encrypted data?

Hackers: We’ve got your data!

You: Meh.

Hackers: We’re gonna give it to the world.

You: Have at it, dum dum. You can’t read it and nobody else can either.


Guess what happens when you’re the victim of a ransomware attack if you have a good backup?

Hackers: We have your data!

You: Amazing work, guys!

Hackers: We’re not gonna give it back unless you cough up all the monies.

You: Nah, I’m good. Just thinkin’ about my pure and pristine backup.

Hackers: Ughhhh.


More good news: Ransomware attacks were down 12% in 2023, and fewer companies are paying ransoms, which makes ransomware attacks far less attractive.


Patch Your Apps/OS and Remove Defaults

Keep every bit of your tech stack up to date with security and software patches. And don’t go with default settings that could bite you in the “end user.” Change them, including default passwords and user IDs; turn off anything you don’t need, etc.

Check out the IBM website if you’re interested in reading the full IBM X-Force Threat Intelligence Index 2024 report or watching the related webinar.



Trivia!

Win a $25 Chipotle Gift Card

“SMS” stands for:

A. Silly Marketing Slang

B. Silent Message Signal

C. Short Message Service

D. Serial Messaging System


The first person to email [email protected] with the correct answer wins!



Employee Spotlight

Ashley Podobnik, Financial Coordinator at Continuous Networks, LLC

Secret bowling savant, dog mom, kid mom, and finance guru all under a fabulous head of hair.

1. What’s your favorite thing about working at Continuous?

Our whole team. Working for and with people who truly care about you makes working much more meaningful and makes it easier to do your job!


2. Tell us about your rocking caricature.

My husband Chris and I have a beautiful, sassy, 4-year-old daughter, Charlotte, who is my whole world! We also have a German Shepherd named Scooby Doo—a 110-lb fur baby who thinks he is a lap dog. Our other GSD, Maximus, was our first “fur” baby who unfortunately passed away from cancer about a year and a half ago.


3. What is something your coworkers don’t know about you?

I went to college using scholarship money from bowling in tournaments as a child. I’ve been bowling since I was 3 years old; I basically grew up in a bowling alley, in a family of bowlers. When I was 10 years old, I started bowling in different local tournaments and, as I got older, we would travel more to bowl.

By the time I went to college, I’d won over $25,000 in scholarship money.

As an adult, I bowled in leagues as well and was the only woman in a men's league. I averaged 210, and my highest game was a 298. Surprisingly, I am the only one in my family who has not bowled a perfect 300 yet.



Book a Free CyberScore IT Assessment

Stop Losing Money Now

Odds are, you’re losing money due to your technology. For most companies, it’s tens of thousands of dollars per month, though it can total in the millions.

How do we know? We’ve seen it happen, over and over.

The Continuous CyberScore is a free, 30-minute evaluation that identifies and quantifies your inefficiencies and vulnerabilities, as well as giving you a step-by-step plan on how to turn things around.

We’ll prove EXACTLY how much money you’re losing, where the losses are occurring, and tell you how to fix them, whether you hire us to help or not.

Book your FREE CyberScore Assessment now on our website, at continuous.net/cyberscore, or by emailing us at [email protected].

Eliminates lurking vulnerabilities and reactivity (versus proactive protection), slashing project/expansion costs by up to 68%.

Identifies inefficiencies, increasing your average employee utilization by 25% or more.

Even “good” IT decisions can cost you more than they should. Start saving at continuous.net/threatcheck now.
