- Report shows top 3 trends in cybersecurity threats
- Ransomware-as-a-Service and supply chain attacks identified as growing threats
- Security experts provide assessments of protection strategies and show how companies can protect themselves
The spread of ransomware-as-a-service (RaaS) models and the sharp increase in supply chain attacks in the past year have led to an increased number and sophistication of cyberattacks, according to CANCOM’s Cyber Security Report. In the report, IT security experts emphasize the urgency of improved protective measures and explain specific strategies for combating these threats.
Looking to the future, Jochen Borenich, CEO of CANCOM, sees cybersecurity as crucial to business success, referring to the Allianz Risk Barometer 2024: “Alongside the issue of energy security, critical cyber incidents such as IT outages, ransomware attacks and data breaches are classified as the biggest threats to companies’ ability to do business. Is corporate IT security reaching its limits? No, if the right solutions are deployed in the right places at the right time,” says Borenich.
Top 3 trends in cybersecurity 2023
The report identifies three main trends dominating the cybersecurity landscape in 2023 and provides detailed measures that companies can take to effectively protect themselves against these threats:
1. Ransomware: The threat of ransomware has continued to intensify and represents a serious global security crisis. Attacks are becoming increasingly sophisticated, exploiting new vulnerabilities and phishing campaigns. In the report, CANCOM recommends comprehensive measures such as user awareness training, the least privilege model, network segmentation and endpoint security to protect companies from these attacks.
2. Supply chain attacks: Attackers use vulnerabilities in the supply chain to gain access to companies. The exploitation of zero-day vulnerabilities and the spread of advanced malware have led to an increased number of successful supply chain attacks. The report emphasizes the importance of supplier security policies, continuous audits and proactive threat intelligence to prevent these attacks and ensure supply chain security.
3. OT security: Critical infrastructures and industrial process control systems are increasingly the target of attacks. CANCOM relies on continuous monitoring, network segmentation and virtual patching to ensure the integrity and security of these systems.
How companies can protect themselves with the PURPLE strategy
The CANCOM Cyber Security Report 2024 offers comprehensive insights into the symbiotic PURPLE strategy. It combines the strengths of the RED team, which specializes in offensive security audits and vulnerability assessments, with those of the BLUE team, which is responsible for continuous monitoring and incident response. This PURPLE strategy includes:
Proactive attack defense: the RED team conducts penetration testing and vulnerability analysis to uncover security gaps before they can be exploited by cybercriminals.
Continuous monitoring and response: The BLUE team monitors systems around the clock, responds to incidents and conducts threat hunting to quickly identify and neutralize active threats.
Knowledge sharing and collaboration: The continuous sharing of insights between the two teams enables dynamic adaptation and improvement of security strategies, better protecting organizations against new and evolving threats.
End-to-end security approach: By integrating preventive, detective and reactive measures, the PURPLE strategy provides a holistic security solution that covers all aspects of cybersecurity.