CRD #12

On AI-generated code, tool overload, security vs development, managed services uptake, incident costs, initial access methods & more,

CRD #12
Photo by Markus Spiske / Unsplash
The Cybersecurity Research Digest cuts through the marketing fluff and bias to bring you relevant and objective insights, all backed by empirical data.
The post features highlights from trustworthy research sources released between 19 and 25 November 2024, followed by a list of all monitored reports.

Cloud security challenges: tool overload, DevOps vs SecOps conflict, AI-generated code

A global survey of over 2,800 security leaders and practitioners provided unique insights on key challenges in cloud security. First, the sheer number of solutions in use is creating significant security blind spots. On average, organizations rely on 12 cloud service providers and 16 cloud security tools, leading 98% of respondents to stress the need for consolidation and simplification to improve visibility and management.

Second, conflict between DevOps and SecOps teams is perceived as a significant issue, with over half of respondents identifying security as the primary gating factor delaying software releases. In fact, 84% report that security processes are the main source of delays, yet 71% acknowledge that rushed time-to-market pressures still result in security vulnerabilities.

Third, somewhat surprisingly, AI-generated code was ranked as the top security concern, surpassing more standard worries related to APIs, access management, insider threats, or unmanaged assets. This prioritization reflects the undeniable reliance on GenAI, with 100% of respondents reporting the adoption of AI-assisted application development.

Managed services on the rise amid talent shortages and tooling inefficiencies

A global survey of 1,484 IT decision-makers in companies with 250+ employees estimates that the average direct revenue loss from cyberattacks last year was 9%. With a persistent shortage of skilled talent remaining a top concern, organizations are adopting varied strategies to address the gap. Nearly half plan to increase spending to attract the right talent, while close to a fifth are reducing hiring budgets, reflecting a growing reliance on Managed Security Services. This area has become a priority for many businesses, with 50% already investing in managed services and an additional 40% planning to do so within the next two years.

The report also examines security stack efficiencies, noting that many organizations are not maximizing functionalities of their security tools, with 45% of tools not being fully deployed. Additionally, referring to hype-led buying decisions, 41% of respondents acknowledge overlapping functionalities among the tools in use, leading to continued overspending. False alerts remain a key challenge in the industry, with an estimated 34% of alerts deemed false positives — an improvement from 38% reported last year but still indicative of major inefficiencies.

Australian annual threat report: small businesses disproportionately vulnerable

To balance the primarily survey-based data in industry reports, the Australian Cyber Security Centre's annual Cyber Threat Report for 2023-24 offers valuable insights grounded in actual incident response activities and official reports.

The centre reports that the average loss per cybercrime incident rose slightly for small businesses (+8%) to $48,615, while medium-sized businesses saw a significant decrease (-35%) to $62,870, and large businesses experienced a decline (-11%) to $62,602. Despite the overall 8% decrease in costs, the data underscores a persistent challenge: small businesses, which make up the majority of the economy but often lack resources for robust security measures, remain disproportionately vulnerable.

On a positive note, the agency received 7% fewer cybercrime reports compared to the previous year. Most incidents involved email compromise or banking fraud, while ransomware accounted for 11% of incidents, reflecting a 3% increase from last year.

A fourth of ransomware claims linked to VPN as actors diversify

Referring to outdated software and VPN gateways with default or weakly protected credentials, latest insurance data reveals a significant rise in attackers leveraging VPNs for initial access, accounting for a substantial 28.7% of ransomware claims in 2024 Q3.

VPNs have become the main initial access point for ransomware according to Corvus

The insurer also highlights a trend corroborated by other threat intelligence providers: law enforcement activities have disrupted the operations of dominant actors like LockBit, leading to a more fragmented ransomware ecosystem. This diversification, however, has not reduced the overall number of successful attacks, as victim numbers remain consistent quarter over quarter. Organizations now face a broader range of tactics, techniques, and procedures employed by an increasingly varied set of threat actors.

Predictable yet unresolved: striking when defences are weakest

A survey of 900 IT and security professionals confirms a well-known reality for those experienced in cyber incident response: hackers strike when organizations are most vulnerable. According to the survey, 72% of respondents reported being attacked on a holiday or weekend, and 63% experienced ransomware attacks during corporate events like mergers, acquisitions, or IPOs.

Despite this awareness, the report reveals that 85% of organizations with 24/7 SOC capabilities reduce staffing by up to 50% during holidays and weekends. The reasons are clear — overtime costs can be difficult to justify to clients, and staffing challenges persist as employees are often unwilling to forgo precious personal time.

Identity scammers embracing GenAI: deepfakes and digital document forgeries dominate

Data from tens of millions of identity verifications in 2024 reveals that deepfakes — digitally manipulated photos or videos — have become the primary technique for bypassing online identity verification processes. Occurring at a rate of one every five minutes according to the company's telemetry, deepfakes were used in 40% of biometric fraud attempts.

Highlighting further use of GenAI by fraudsters, the study reports a 244% year-over-year increase in digital document forgeries, which have now overtaken physical counterfeits as the dominant method of document fraud. The report also reveals that identity fraud primarily targets financial industries, with crypto-related platforms leading the list, followed by lending services and traditional banks.


Reports monitored: 19-25 November 2024

To take a deeper dive in the topics most relevant for you, we've listed all the monitored research reports (26) that were published during the observed period.

Title Organisation(s) Topic(s)
2025 Focus on the Future: Inflection Point for Transformation at Mid-Decade Auditboard audit / AI governance / IIA standars
Ransomware in H1 2024: Trends from the Dark Web Searchlight Cyber threat intelligence
The State of Cloud-Native Security 2024 Report Palo Alto Networks cloud security
Global Security Research Report Fastly general
RMA Chief Risk Officer (CRO) Outlook Survey ProSight Financial Association general risk perceptions
The Intersection of AI, Digital Fraud and Cyber Defenses Arkose Labs AI-enabled attacks
Annual Cyber Threat Report for 2023-24 Australian Cyber Security Centre Australia threat intelligence
Canadian Cybersecurity Trends Study 2024 Blake, Cassels & Graydon. Canada / M&A
2025 Identity Fraud Report Entrust fraud / identity
The State of AI in Cybersecurity StrongDM AI / cybersecurity
2024 Cyber Risk Index Report Embroker startups
Hong Kong Enterprise Cyber Security Readiness Index hkpc Hong Kong
The State of Network Security in Manufacturing Aryaka manufacturing
Supply Chain and Warehouse Trends in 2024 study Ivanti supply chain / warehouses
2024 LevelBlue Futures Report: Cyber Resilience in SLED LevelBlue local gov / higher education
Cyber defense & AI: Are you ready to protect your organization Kaspersky AI
New defenses, new threats: What AI and Gen AI bring to cybersecurity Capgemini general
Gen Q3/2024 Threat Report Gen fraud / scams
Q3 2024 Cato CTRL SASE Threat Report Cato Networks threat intelligence
Bigger and badder: how DDoS attack sizes have evolved over the last decade Cloudflare DDoS
THE CYBERTHREAT REPORT November 2024 Trellix threat intelligence
State of Cybersecurity Trends - ASX 200 UpGuard Australia
Outlook on AI-Driven Systemic Risks and Opportunities Guy Carpenter / CyberCube GenAI risk
Ransomware Holiday Risk Report Semperis ransomware
A snapshot of Cybersecurity in the EU eurelectric energy
Q3 Cyber Threat Report Corvus threat intel

About

evisec's Cybersecurity Research Digest provides security leaders verified strategic insights via a carefully curated weekly summary of evidence-led, unbiased and objective cybersecurity research publications. Read more about our service here.


✉️ Suggestions or want to collaborate? Get in touch via LinkedIn or email (henry@evisec.xyz)