This post is also available in: 日本語 (Japanese)
Each year, Unit 42 Incident Response and Threat Intelligence teams help hundreds of organizations assess, respond and recover from cyberattacks. Along the way, we collect data about these incidents.
Our 2024 Unit 42 Incident Response Report will help you understand the threats that matter. It's based on real incident data and our security consultants' experience.
Read the report to learn how to safeguard your organization's assets and operations:
As an executive responsible for safeguarding your organization, you'll find analysis and recommendations to help you make strategic decisions about where to invest your time, resources and budget.
Use the following takeaways to start a conversation with your leadership team and encourage them to download the 2024 Unit 42 Incident Response Report to review the expert analysis in full.
Speed matters. Attackers are acting faster, not only at identifying vulnerabilities to exploit, but also stealing data after they do.
Attacker "dwell time" (the duration between when an attacker was detected and the earliest evidence of their presence) has also accelerated. The median dwell time was just 13 days in 2023 – half of what it was in 2021.
But, that's not necessarily a bad thing. Other data in our report indicates it may be that defenders are improving.
In 2023, attackers used internet-facing vulnerabilities to get into systems more often. This tactic occurred in 38.6% of our IR cases, making it the leading method of initial access.
Vulnerability exploitation surpassed phishing as the leading initial access method. Exploiting weaknesses in web applications and internet-facing software played a significant role in some of the largest and most automated cyberattacks.
This change emphasizes the importance of good patching practices and attack surface reduction. While that work can be challenging for large organizations to implement comprehensively, organizations must act swiftly and use multiple layers of defense to protect themselves. If you don't find and fix the exposure, attackers will.
Cyberthreat actors are adopting sophisticated strategies, organizing into specialized teams and effectively leveraging IT, cloud and security tools. They've become more efficient, defining and repeating processes for quicker results.
Attackers are now using defenders' own security tools against them, compromising highly privileged accounts and infrastructure to access tools and move within their target network. Vigilance and proactive defense are crucial as threat actors adapt and innovate.
Here are five key recommendations from our cybersecurity consultants to enhance your cybersecurity posture based on our insights from 2023's cyber incidents:
In addition to the findings outlined here, the report spotlights current threats as well as the impact of emerging technologies, including artificial intelligence (AI) Social Engineering, Large Language Models (LLMs), DevSec and DevSecOps, as well as the continued use of cloud-based technologies.
Download the complete 2024 Unit 42 Incident Response Report to learn more in-depth recommendations for improving your security posture and focus on the risks you need to mitigate.
Want help preparing for or responding to a cyber incident? Call in the experts.
If you think you may have been impacted by a cyber incident or have specific concerns about any incident types discussed here, please contact Unit 42. The Unit 42 Incident Response team is available 24/7/365. If you have cyber insurance, you can request Unit 42 by name. You can also take preventative action by requesting our cyber risk management services.
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.