Orange Cyberdefense reveals worrying rise in cyber incidents
Orange Cyberdefense, the cybersecurity division of Orange, has released its latest annual Security Navigator 2024 report. The research casts a wide-ranging and intricate view on global cybersecurity, showcasing the intricate interplay with social, economic, and geopolitical aspects of this ever-evolving field.
The report outlines a 30% uptick in the number of securty incidents detected year-on-year, with nearly 37.45% of these incidents instigated from within organisations, either deliberately or accidently. Under the category of VERIS 'Hacking', nearly one third (30.32%) of confirmed incidents fall, retaining its position as the leading form of security breach.
The assessment illuminates that Large enterprises (40%) are the worst affected by Cyber Extortion, followed by small organisations (25%) and medium-sized businesses (23%). An innovative part of the research spotlights that the separation between physical and cyber threats is becoming progressively blurred, inclining towards the phenomenon of hacktivism. The study of approximately 2.5 million unique vulnerabilities reveals that a majority (79%) are classified as Medium or High, with nearly one in ten (9.4%) deemed to be critical.
Furthermore, the report discloses that over the past year, there has been a global rise of 46% in the number of Cyber Extortion victims, the highest figure ever recorded. This alarming increase correlates with recent governmental reports indicating that Australia has been facing one cybersecurity attack approximately every six minutes, with more than 250,000 scams reported this year alone. Data from ACCC Scamwatch affirmed that Australians have lost nearly $430 million to scammers in the current year.
As well as exploring Cyber Extortion, Orange's report highlights the increasing involvement of politically or ideologically motivated attackers. 2023 marked the highest recorded number of Cyber Extortion victims, with a 46% increase globally. Large enterprises took the brunt of these attacks (40%), experiencing a steady rise. This trend was exacerbated by a single threat actor, Cl0p, which exploited two significant vulnerabilities in 2023. A quarter (25%) of all victims belonged to small organisations, closely trailed by medium-sized businesses with a share of 23%.
The report also pointed out that across 2023, 25 Cyber Extortion groups disappeared compared to 2022, 23 persisted from the former year, and there were 31 new groups detected, emphasizing the difficulties of curbing Cyber Extortion. Furthermore, in light of recent geopolitical events such as Ukraine's conflict, hacktivism has surged, becoming a more powerful political tool.
The Security Navigator 2024 report testifies how Incident Detection teams have processed 30% more events across the period, totalling to 129,395, of which 25,076 (19%) are confirmed as security incidents. Also, the data suggest a strong correlation between successful detection efficiency and the degree of feedback received from clients. As a result, mature, established clients showed an efficiency four times higher than that of newly onboarded ones.
Reflecting on the report's findings, Hugues Foulon, CEO of Orange Cyberdefense, said: "This year's report highlights the unpredictable environment we face today, with our teams working harder than ever as the number of detected incidents continues to rise (+30% year-over-year). As we are witnessing a surge in the number of large businesses impacted by Cyber Extortion (40%), small and medium businesses cumulatively make up nearly half of all victims (48%). As the interplay between virtual and physical threats continues to blend, we remain committed to awareness, support, anticipation, detection and containment of attack vectors as they emerge."