CRD #14

On human risk stats, artifacts vs LOLbins, security-specific GenAI & more.

The Cybersecurity Research Digest cuts through the marketing fluff and bias to bring you relevant and objective insights on cybersecurity stats and trends, all backed by empirical data.
The post features highlights from trustworthy research sources released between 10 and 22 December 2024, followed by a list of all monitored reports.

Understanding human risk: the 1% driving most security events

Analysis of human risk behaviors shows that a small number of users are responsible for a disproportionately large share of risky activity. In the most extreme example, the research reveals that 1% of users are behind 92% of all malware events. While concerning, this finding offers actionable insights for security teams to create more effective programs by implementing risk-specific, role-based protections and training.

1% of users are behind 92% of all malware events (Mimecast)

The study also highlights the types of targets that most often end up falling for social engineering attacks. These tend to be managerial roles—especially in sales, board, executive, and finance teams—rather than employees or contractors. This does not reflect the cybersecurity capacity of individuals in these roles but rather their increased exposure as public-facing figures, making them frequent targets.

Expected clicks from phishing across departments (Mimecast)
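The two Mimecast findings above are both measurements a security team can reproduce from its own telemetry: how concentrated risky activity is across users (the share of events behind the top 1%) and the expected click rate per department from phishing simulations. The following is an added example, not code from the digest or from Mimecast; the 100-user dataset is constructed so that one user carries most malware events, and the department names and click counts are made up.

```python
"""Added example: concentration of malware events across users and phishing
click rate per department, computed from constructed telemetry."""
import math
from collections import defaultdict

# Constructed departments and, per department, how many of its 20 users
# clicked in the simulated phishing campaign (assumption, not survey data).
DEPARTMENTS = ["sales", "finance", "engineering", "support", "executive"]
CLICKERS_PER_DEPT = {"sales": 4, "finance": 3, "engineering": 1, "support": 2, "executive": 5}
SIMS_PER_USER = 10


def build_sample():
    """Constructed 100-user dataset: (user_id, department, malware_events, sims_sent, sims_clicked).

    User u000 generates 92 of 100 malware events; users u001..u008 one each; the rest none.
    """
    records = []
    for i in range(100):
        dept = DEPARTMENTS[i // 20]          # 20 contiguous users per department
        events = 92 if i == 0 else (1 if i < 9 else 0)
        clicked = 1 if (i % 20) < CLICKERS_PER_DEPT[dept] else 0
        records.append((f"u{i:03d}", dept, events, SIMS_PER_USER, clicked))
    return records


def share_from_top_users(events_by_user, top_fraction):
    """Share of all events attributable to the top `top_fraction` of users ranked by event count.

    With top_fraction=0.01 on the sample this reproduces a '1% of users, 92% of events' profile.
    """
    counts = sorted(events_by_user.values(), reverse=True)
    total = sum(counts)
    if total == 0:
        return 0.0
    k = max(1, math.ceil(len(counts) * top_fraction))  # at least one user in the top bucket
    return sum(counts[:k]) / total


def click_rate_by_department(records):
    """Expected click probability per department: clicks / simulations sent."""
    sent = defaultdict(int)
    clicked = defaultdict(int)
    for _, dept, _, n_sent, n_clicked in records:
        sent[dept] += n_sent
        clicked[dept] += n_clicked
    return {d: clicked[d] / sent[d] for d in sent if sent[d]}


def events_by_user(records):
    """Map user_id -> malware_events, the input shape share_from_top_users expects."""
    return {user: events for user, _, events, _, _ in records}


if __name__ == "__main__":
    sample = build_sample()
    print("top 1% share:", share_from_top_users(events_by_user(sample), 0.01))
    for dept, rate in sorted(click_rate_by_department(sample).items(), key=lambda kv: -kv[1]):
        print(f"{dept:12s} expected click rate {rate:.3f}")
```

The ranking step is what turns raw event counts into a "who needs role-specific controls" list: the same two functions run over real identity, endpoint, and simulation data will show whether your own distribution is as skewed as the one reported.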

Shift in attacker strategies: LOLbins on the rise

Incident response and MDR data highlight a growing need for organizations to strengthen their detection and defense strategies against the misuse of legitimate tools.

Totals of unique artifacts and LOLbins, 2021-1H24 (Sophos)

Threat actors are increasingly exploiting unique LOLbins—legitimate software binaries used for malicious purposes. Unlike "artifacts," such as Mimikatz or Cobalt Strike, which are illicit third-party tools, LOLbins allow attackers to camouflage their activities within legitimate system processes. The analysis shows that RDP, cmd.exe, and PowerShell remain the most frequently abused LOLbins.
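The artifact/LOLbin distinction only becomes useful for detection once it is applied consistently to the tool names that come out of case data, so the unique-tool counts per period (the metric in the Sophos chart above) and the "most abused LOLbins" ranking can be tracked over time. Below is an added example, not code from the digest or from Sophos: it classifies tool names from constructed incident-response case records into artifacts, LOLbins, or unclassified, counts unique tools per period, and ranks LOLbins by the number of distinct cases they appear in. The classification lists and case records are assumptions made for the example, not Sophos's taxonomy or data.

```python
"""Added example: classify tools seen in IR case records as artifacts or LOLbins,
count unique tools per period, and rank the most frequently abused LOLbins."""
from collections import Counter, defaultdict

# Assumed classification lists for this example (the page names Mimikatz and
# Cobalt Strike as artifacts and RDP, cmd.exe and PowerShell as LOLbins;
# the remaining LOLbin entries are common Windows binaries added here).
ARTIFACTS = {"mimikatz", "cobalt strike"}
LOLBINS = {"rdp", "cmd.exe", "powershell", "certutil.exe", "rundll32.exe", "wmic.exe"}

# Constructed case records: (period, case_id, tool name as recorded by responders).
SAMPLE_CASES = [
    ("2021", "c1", "Mimikatz"), ("2021", "c1", "RDP"), ("2021", "c2", "Cobalt Strike"),
    ("2021", "c2", "cmd.exe"), ("2021", "c3", "PowerShell"),
    ("1H24", "c4", "RDP"), ("1H24", "c4", "cmd.exe"), ("1H24", "c4", "PowerShell"),
    ("1H24", "c5", "RDP"), ("1H24", "c5", "certutil.exe"), ("1H24", "c6", "rundll32.exe"),
    ("1H24", "c6", "Mimikatz"), ("1H24", "c7", "WMIC.exe"), ("1H24", "c7", "RDP"),
    ("1H24", "c8", "PowerShell"), ("1H24", "c8", "unknown-tool.exe"),
]


def normalize(tool):
    """Responders record names inconsistently (case, whitespace); key on a normalized form."""
    return tool.strip().lower()


def classify(tool):
    """Return 'artifact', 'lolbin', or 'unclassified' for a recorded tool name."""
    name = normalize(tool)
    if name in ARTIFACTS:
        return "artifact"
    if name in LOLBINS:
        return "lolbin"
    return "unclassified"  # surfaced for analyst triage rather than silently dropped


def unique_tools_by_period(cases):
    """Number of distinct tools of each class observed in each period."""
    seen = defaultdict(lambda: {"artifact": set(), "lolbin": set(), "unclassified": set()})
    for period, _, tool in cases:
        seen[period][classify(tool)].add(normalize(tool))
    return {period: {cls: len(names) for cls, names in cats.items()} for period, cats in seen.items()}


def top_lolbins(cases, n=3):
    """Rank LOLbins by the number of distinct cases they appear in (not raw event count)."""
    cases_per_tool = defaultdict(set)
    for _, case_id, tool in cases:
        if classify(tool) == "lolbin":
            cases_per_tool[normalize(tool)].add(case_id)
    counts = Counter({tool: len(ids) for tool, ids in cases_per_tool.items()})
    return counts.most_common(n)


if __name__ == "__main__":
    for period, stats in unique_tools_by_period(SAMPLE_CASES).items():
        print(period, stats)
    print("most abused LOLbins:", top_lolbins(SAMPLE_CASES))
```

Counting distinct cases per tool, rather than raw occurrences, keeps one noisy incident from dominating the ranking; the unclassified bucket is kept visible because a new name appearing there is exactly the signal that the allowlists need updating.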

Security-specific GenAI: interest high, but most still evaluating

A survey of 1,000 security professionals reveals strong interest in security-specific GenAI, though adoption remains limited. Only 6% of respondents have purchased GenAI solutions, with another 11% in the process of buying. The majority of security teams are still considering adoption, with 32% exploring the technology, 29% actively searching, and 18% testing or evaluating tools.

Notably, 63% of respondents indicated they "would change security vendors to use the GenAI of another vendor." Given the strong retention typically seen in security products, this creates a unique opportunity for vendors to challenge incumbents.

However, the study also underscores that calculating ROI is the top economic concern for potential adopters. Thus, to succeed, GenAI tools must go beyond the LLM hype and demonstrate measurable value over existing solutions.

Cyber insurance uptake grows, but confidence in coverage declines

A survey of over 500 North American companies with, or considering, cyber insurance reveals that more organizations than ever are purchasing coverage, with most choosing standalone policies rather than expanding existing general insurance packages.

This rise in adoption—driven by regulatory requirements and greater awareness of related risk mitigation benefits—has, however, been accompanied by significantly reduced confidence in the adequacy of coverage. These concerns likely relate to whether policies effectively address risks posed by highly advanced cyber operations, including those linked to nation-states/APTs.

At the same time, the steep premium rate increases of recent years have slowed, with insurers now projecting average hikes of 10% or less.

HR professionals battling fraud in recruitment

Fraudulent job applications have become a significant challenge for HR professionals, with 44% encountering such cases. Alarmingly, a third of these applications contained cybersecurity threats, such as malicious links or attachments—highlighting the need to address this vector as a priority within security programs.

Moreover, not all instances of fraud are detected during the initial stages of recruitment. In fact, 40% of professionals admit that fraudulent applications were only uncovered after the candidates had progressed further in the hiring process.

OT security: legacy systems, low visibility, and questioning security tools

A global study of more than 400 industrial control system (ICS) practitioners highlights ongoing challenges in securing OT and IoT environments. On average, over 40% of OT/IoT assets are categorized as legacy, outdated, or end-of-life. These findings correlate with significant visibility gaps, with respondents estimating that more than 38% of their OT/IoT network is not visible—an issue that is even more pronounced in critical operational networks.

However, poor visibility and outdated devices do not automatically translate into higher cyber risk; for example, the study also reveals that practitioners sometimes view improperly implemented security tools as more disruptive to production environments than actual cyberattacks.


Reports monitored: 10-22 December 2024

To take a deeper dive into the topics most relevant for you, we've listed all the monitored research reports (26) that were published during the observed period.

Title | Organisation(s) | Topic(s)
The Secure Sign-in Trends Report 2024 | Okta | sign-in trends
State of ASPM Report | Cycode | appsec
Insights and Strategies on VMware: Navigating the Evolving Hypervisor Market | VMware | VMware
The Cyber Insurance Outlook 2024 | Arctic Wolf | insurance / US
Third-Party Breaches are the Top Threat for the U.S. Energy Sector | SecurityScorecard / KPMG | 3rd parties
Securing the Device Lifecycle: From Factory to Fingertips, and Future Redeployment | HP | device risk
Personal Liability Concerns Impact 70% of Cybersecurity Leaders | BlackFog | liability / leaders
2024 Security Megatrends report | Security Industry Association | strategic trends
The CISO Report | Splunk | leader perceptions
Not ‘if’ but ‘when’: 88% of execs expect an incident as large as the July global IT outage within the next year | PagerDuty | leader perceptions
AI-Driven Scams and Fraudulent CVs: The Increased Risk to HR Operations in the UK | KnowBe4 | HR / scams
Cybersecurity Leadership Survey | ISC2 | leadership
Threat Landscape Report: Uncovering Critical Cyber Threats to Utilities | ReliaQuest | utilities
The State of Enterprise Open-Source AI | Anaconda / ETR | open source / AI
Organizations Struggle to Secure AI-Generated and Open Source Code | Venafi | AI-generated code / open source
16th December – Threat Intelligence Report | Check Point Research | threat intelligence
API Impact Report 2024: AI Adoption and Innovation Challenges | Kong | APIs
The Global State of CPS Security 2024: Mining & Materials | Claroty | mining / cyber physical systems
Exposing Human Risk | Mimecast | human risk
Don’t celebrate ransomware’s decline just yet | 451 Research | defender risk
Europe’s Top 100 Companies: Cybersecurity Threat Report | SecurityScorecard | 3rd party risk
OT Cybersecurity Technology Report 2024 | (CS)2AI / Radiflow | OT
The CrowdStrike State of AI in Cybersecurity Survey | CrowdStrike | GenAI
The Bite from Inside: The Sophos Active Adversary Report | Sophos | threat intelligence
SEC Cybersecurity Incident Disclosure Report December 2024 | Paul Hastings LLP | SEC / incident reports

About

evisec's Cybersecurity Research Digest provides security leaders with verified strategic insights via a carefully curated weekly summary of evidence-led, unbiased and objective cybersecurity research publications. Read more about our service here.


✉️ Suggestions or want to collaborate? Get in touch via LinkedIn or email (henry@evisec.xyz)