The News: IBM releases its 2024 X-Force Threat Intelligence Index. Additional detail is available in IBM’s press release.
IBM X-Force Report Reveals the Importance of Security Fundamentals
Analyst Take: IBM Security X-Force, the company’s team of cybersecurity experts, has been publishing its Threat Intelligence Index annually since 2012. The report has grown in recognition and clout over this timeframe, in large part due to the vast amount of data and expertise that goes into it. This spans IBM’s security operations telemetry data and incident response investigations, its research, and other commercial and open-source data points. In arguably the most notable example, the 2024 report draws on insights and observations from over 150 billion security events per day in more than 130 countries, according to IBM. The main objective of the report is to help organizations craft effective security strategies and to make informed decisions about their security by uncovering how security threats and trends are evolving based on how cybercriminals are adapting and changing their tactics, techniques, and procedures.
One of the most important findings from the 2024 report was that cybercriminals are doubling-down on exploiting user identities—with a 71% year-to-year increase in the volume of attacks using valid credentials, according to the report. Simply put, it is a “log in versus hack in” approach to gaining access to corporate networks, infrastructure, and data.
Against this backdrop, phishing remains a long-standing prominent initial access vector, but it dropped from being noted by 41% of respondents in the prior study to 30%, tying valid accounts as the most selected access vector and outpacing exploitation of public-facing applications by just 1%. Credential stuffing is becoming more common, especially when it comes to cloud account credentials available for sale on the dark web. At the same time, it remains important for users to keep in mind that social engineering attacks such as phishing are becoming more creative, pointed to the individual, and effective with the use of AI.
On the note of AI, these workloads represent a future frontier to be protected from cyber-criminals. This is especially true as generative AI workloads become more broadly adopted across organizations and across key business functions and considering that standards for safe and responsible data usage are still being established for AI. This being acknowledged, IBM’s report found that the return on investment (ROI) is not yet there for attackers to focus heavily on targeting these workloads at scale. I agree with IBM’s assessment that this is likely to come if a single generative AI solution secures half of the market share, and as the market consolidates around a few technologies.
Unsurprisingly, ransomware remains a major threat, but its incidence dropped 11.5% year-to-year, according to the study. What is new is that attackers are targeting critical infrastructure—in fact, nearly 70% of attacks that X-Force responded to in 2023 targeted critical industries. The increase in incidence, severity, and awareness of these attacks over the past couple of years, and the resulting technological development in areas such as data immutability and recovery testing and assurance, has resulted in a focus on, and increased ability to, rebuild critical infrastructure and recover data, for customers. In response, malicious actors have pivoted to information stealing; there was an alarming 266% increase in info-stealers, and data theft and leak rose to the most common impact of cyberattacks for organizations, in IBM’s study.
A final key theme to note is the importance of IT operations remaining diligent about and committed to the fundamentals; IBM’s research found that nearly 85% of attacks on critical sectors could have been mitigated with systems and software patching, multi-factor authentication, and policies of least-privileged access (that is, allowing users only the access to data and systems that they need to do their job). I have observed this trend as well and expect it to remain an important focus area for the foreseeable future.
Looking ahead, the threat landscape will continue to evolve. Threat detection and intelligence will only continue to become more critical, as a tool allowing organizations to guide their security decisions and to inform their incident response plans.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Other Insights from The Futurum Group:
The Six Five Insider at IBM Analyst Day with Rob Thomas and Dr. Dario Gil
IBM Announces New Quantum Processor and IBM Quantum System Two
Growing the IBM-AWS Alliance – The Six Five on the Road at AWS re:Invent 2023
Author Information
With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.
Prior to joining The Futurum Group, Krista led the data protection practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.