MANILA, Philippines – American cybersecurity firm Fortinet on Tuesday, May 28, released its semiannual Global Threat Landscape Report for the second half of 2023.
The report found that cyberattackers increased the speed at which they exploit vulnerabilities by 43% compared to the first half of 2023, indicating a growing threat. The firm found that, on average, attacks started 4.76 days after new exploits are found and publicly disclosed.
“With the time-to-exploit decreasing significantly by 43% to just 4.76 days, the pressure on already stretched cyberdefense resources has intensified. The ability to quickly sift through a prioritized list of vulnerabilities, effectively managing these ‘ticking time bombs,’ is now more critical than ever,” the report said.
Prioritization is important for cybersecurity service providers and IT managers as vulnerabilities are exploited at different rates. For this, Fortinet uses a measure called “Exploit Prediction Scoring System (EPSS)” which attempts to predict if a vulnerability is high priority or not.
For example, in their older first half report, the firm found, “Within seven days of publication [of a vulnerability], 22% of vulnerabilities with the highest EPSS scores (top 1%) saw exploitation activity, compared to just 0.07% of those in the bottom half of EPSS scores.”
The onus also lies on the device vendor, Fortinet said. Vendors have to “dedicate themselves to internally discovering vulnerabilities and developing a patch before exploitation can occur” and must be quick in advising users of vulnerabilities.
Another finding of the firm saw that attackers continue to attack old vulnerabilities that have gone unpatched, some of which have lasted for 15 plus years without being fixed, “reinforcing the need to remain vigilant about security hygiene and a continued prompt from organizations” to patch consistently.
Not all vulnerabilities are attacked though, with Fortinet finding that less than 9% of all known endpoint vulnerabilities were targeted. What this means is that cybersecurity teams can work to prioritize the types of vulnerabilities that are being targeted the most – a key resource management tactic in a department that’s usually undermanned in most industries.
A study by the World Economic Forum cited by Fortinet had found that, globally on average, there are only two IT security full-time employees for every 1,000 employees. Cybersecurity spending could be improved as well, which is currently at 0.2% of a company’s revenue on average or about P2 for every P1000 worth of revenue.
The proper figure is different for every industry, explained Alan Reyes, country manager of Fortinet. Extremely critical industries like banking may require a lot more cybersecurity manpower and a higher budget than, for example, catering businesses.
Philippine figures
The report also revealed that phishing remains the most prevalent form of a cyberattack in the Philippines, followed by ransomware, identity theft, unpatched vulnerabilities, and lastly, by insider threats.
Efforts by cybercriminals have remained effective, with 62% of surveyed organizations in the Philippines having seen three times as many breaches in 2023 than the previous year.
The most targeted sectors, in no particular order, are manufacturing, hospitality, retail, healthcare, and telco.
The increase can also be linked to the rise of AI-assisted hacking, with Fortinet saying that such tools have enhanced malicious activities, and have reduced the amount of time to launch a successful attack.
To combat this, the firm stressed a “culture of collaboration, transparency, and accountability on a larger scale than from just individual organizations in the cybersecurity space.” They noted that financially-motivated cybercriminals are always looking for the weakest link, and the easiest way to extort money.
For example, a large company might have some robust cybersecurity measures in place but a third-party supplier providing a service to the said company may not have as much. The supplier could then represent “the path of least resistance” to the attacker, becoming a vulnerability that may eventually allow the attacker to breach the larger company.
With cybercriminals becoming faster in exploiting vulnerabilities, and efforts like phishing becoming more effective, the firm stressed the need for both public and private sector organizations to step up efforts in building a cyber-secure culture and environment. – Rappler.com