TLDR:
- Global organisations are improving their cyber defences, with the average time to detect an attacker decreasing.
- Cyber criminals are focusing on evasion tactics, targeting edge devices, and using living off the land techniques.
In 2023, global organisations made significant strides in improving their cyber defences, as indicated by the decrease in average time to detect attackers from 16 days in 2022 to 10 days in 2023. Financially-motivated attacks rose by 8%, driven by the increase in ransomware and extortion cases. Cyber criminals have shifted their focus to evasion tactics, specifically targeting edge devices and employing living off the land techniques to evade detection.
The rise in zero-day vulnerabilities exploited in the wild, the increase in AiTM phishing attacks to bypass MFA, and the use of AI by red teams for assessments were significant trends observed in cybersecurity in 2023. Recommendations from the M-Trends report emphasize the need for organizations to update authentication policies, implement controls to restrict access to cloud resources, and use AI to enhance security practices.