State of cybersecurity in 2024: A review of the reviews

An Apex Legends event was postponed by organizers after two players appeared to be hacked and given unwanted cheat devices. — © AFP/File Denis Charlet

What is the state of cybersecurity as 2024 splutters to a close? This year there have been several key reports generated from leading cybersecurity services. To provide awareness for businesses, Digital Journal presents a round-up of the latest activity.

Zimperium: Mobile Phishing Attacks Targeting Enterprises Surge, Zimperium Researchers Find

The new report from Zimperium reveals that 82 percent of phishing sites now target mobile devices, highlighting how s cybercriminals are increasingly adopting a “mobile-first” attack strategy.

In particular, financial services organizations saw 68 percent of its mobile threats attributed to sideloaded apps. In fact, zLabs researchers found that mobile users who engage in sideloading are 200 percent more likely to have malware running on their devices than those who do not. APAC outpaced all regions in sideloading risk, with 43 percent of Android devices sideloading apps.

The report detected over 87,000 malware samples detected a month, which is a 13 percent increase year-on-year and 80 percent more spyware samples detected on enterprise devices.

Darktrace: First 6: Half-Year Threat Report 2024

Darktrace has detected 17.8 million phishing emails across its customer fleet between December 21, 2023, and July 5, 2024. Here, 62 percent of these emails successfully bypassed DMARC verification checks which are industry protocols designed to protect email domains from unauthorized use, and 56 percent passed through all existing security layers.

Menlo Security: The Continued Impact of Generative AI on Security Posture

In the last half of 2023, the research team observed an 80 percent increase in attempted file uploads to generative AI websites. In a 30-day period in Q1 2024, 55 percent of the data loss prevention events detected by Menlo Security included attempts to input personally identifiable information into generative AI platforms.

Menlo Security: 2023 State of Browser Security Report

In the second half of 2023, Menlo Labs Threat Research team observed a 198 percent increase in browser-based phishing attacks compared to the first half of the year.

XM Cyber: Navigating the Paths of Risk: The State of Exposure Management in 2024

In May 2024, XM Cyber released its third annual State of Exposure Management Report, produced in collaboration with the Cyentia Institute, which found that identity and credential misconfigurations represent around 80 percent of security exposures across organizations, with one-third of these directly endangering critical assets, making them prime targets for attackers to exploit.

The report highlights that while only 2 percent of exposures occur at choke points—locations where multiple attack paths intersect—these points are disproportionately dangerous, as they give attackers broad access to key systems. Organizations with poor security posture face six times more exposures (30,000) than high-performing peers (5,000). Businesses must focus on securing these choke points to close the most critical attack paths and efficiently mitigate risk.

The report also showed that cloud environments are not exempt from the risk of exposure – 56 percent of critical asset exposures are in cloud platforms, with 70 percent of organizations vulnerable to attackers traversing from on-premise networks to cloud systems. Alarmingly, attackers can compromise 93% of critical assets in these cloud environments within just two hops.

Salt: State of API Security Report 2024

The threat of API attacks is growing, and traditional methods aren’t advanced enough to keep up with the rapidly-evolving digital landscape.

The report indicates that 95 percent of organizations experienced security problems in production APIs within the last 12 months, with 23 percent suffering breaches as a result of API security inadequacies.