Click here to visit Original posting
Nearly half (44%) of all cyber incidents in 2023 were masterminded by only ten threat actors, new research has claimed.
A report from SecurityScorecard also found where most threats originate and which industries are in most danger, as well as a link between cyber risk and GDP.
Another trend that has arisen is the targeting of supply chains, which puts many organizations at risk and makes defending against such attacks even more complicated. SecurityScorecard found that 98% of organizations use compromised third party software.
Popular targets
Among the ten most prominent threat actors are the Russian-backed АРТ28 group, who were behind cyberattacks on Ukrainian infrastructure, and Cobalt Group, who have been targeting financial institutions since 2016.
SecurityScorecard also found that most of the infrastructure used by threat groups last year was concentrated mainly in China (24%) and Russia (15%). However, the threat actors operate globally.
As for targets, the IT and tech industries suffered the most cyberattacks, with critical infrastructure such as telecoms and government institutions close behind. SecurityScorecard believes that targets such as these highlight the importance of collaborating to manage cyber risks, "as these high-risk sectors face and contribute to rapidly increasing cyber risk."
The report also found a "strong correlation" between a country's GDP and their exposure to cyber risks, with SecurityScorecard noting that "a nation's economic prosperity is deeply intertwined with its ability to navigate the complex landscape of cyber threats."
Northern Europe was given the highest cybersecurity score or 82.97, whereas Central Asia had the lowest at 71.73.
SecurityScorecard CEO Dr. Aleksandr Yampolskiy commented on the report that, "progress starts with precise measurement. And until recently, cybersecurity lacked effective measurement... Security Ratings arm global leaders with a universal language to be relentlessly data-driven in managing cybersecurity risk."
He added: "by establishing clear KPIs, we can enhance cyber resilience, ultimately renewing trust in our digital ecosystem."