Critical Start has released its biannual Cyber Threat Intelligence Report, detailing the top threat trends observed in the first half of 2024. This includes emerging cybersecurity threats impacting industries such as manufacturing, technology, healthcare, engineering and construction, and professional services. Key findings from the report include: 

• Manufacturing is the top targeted industry by malicious actors, with 377 verified reports of ransomware and database leaks. 
• Technology saw a 12.75% decrease in ransomware attacks and data leaks. 
• Healthcare and life sciences ransomware and data exposure incidents increased by 180% in February 2024 when compared to February 2023. 
• Engineering and construction experienced a 46.15% increase in cyberattacks.
• Professional services saw a 15% increase in ransomware attacks and data leaks. 

Security leaders weigh in

Darren Guccione, CEO and Co-Founder at Keeper Security:

“The growing adoption of digital technologies in sectors like manufacturing and construction has led to the integration of Information Technology (IT) and Operational Technology (OT) systems in many organizations. While enhancing efficiency, this move presents heightened cybersecurity risks. To mitigate these risks, maintaining network segmentation, as well as a clear separation between IT and OT networks is vital. This separation limits the attack surface, protects infrastructure and ensures business continuity by preventing IT breaches from disrupting essential OT processes, such as operational controls and safety systems.  

“To better prepare for future attacks, organizations must focus on building resilience through a zero-trust security model, which limits access based on strict verification protocols, and by enforcing the principle of least-privilege access. Additionally, the integration of real-time threat intelligence and continuous monitoring can help identify vulnerabilities and potential threats before they escalate into full-blown incidents. Another lesson is the importance of maintaining robust backup and recovery protocols. In the face of a ransomware attack, having isolated and regularly updated backups can make the difference between a quick recovery and prolonged operational downtime.”

Stephen Kowski, Field CTO SlashNext Email Security+:

“I expect breaches and ransomware attacks to continue increasing throughout the rest of 2024, especially targeting healthcare, critical infrastructure and supply chains. Recent high-profile incidents in these industries highlight the ongoing vulnerabilities. To combat this, organizations need to focus on strengthening email security, implementing zero trust architectures, and improving threat detection and response capabilities.

“Manufacturing and construction sectors should prioritize securing operational technology networks and implementing zero-trust architectures. Organizations should deploy AI-based anomaly detection to identify unusual patterns in industrial control systems. Implement comprehensive email and collaboration security to prevent phishing and social engineering attacks targeting employees. Organizations should also implement behavioral analytics and machine learning to detect subtle indicators of compromise. Finally, regularly test incident response plans and conduct tabletop exercises to prepare for large-scale attacks on critical systems.

“As we move towards 2025, major ransomware trends will likely continue to include more targeted attacks on critical infrastructure, increased use of AI for evasion, and expansion of double extortion tactics. Security teams should prepare by implementing adaptive AI defenses, focusing on protecting sensitive data and enhancing resilience through robust backup and recovery processes.”

Marcus Fowler, CEO of Darktrace Federal:

“Due to the diversity of devices and bespoke protocols often used in industrial control systems, many critical infrastructure organizations struggle to maintain an accurate and up-to-date catalogue of all their assets. It is crucial that organizations have visibility into all their assets, not just those identified as critical — you cannot protect what you cannot see. This is especially critical as multi-stage and multi-domain attacks are now widely used by adversaries, who take advantage of a lack of visibility and siloes to move undetected between systems.

“Sophisticated cyber-attacks, fueled by the advent of AI together with automation, and as-a-service offensive tools, are outpacing current incident preparation, response, and management processes. Security teams often rely on outdated response strategies — like static pre-defined playbooks and tabletop exercises — that fail to deliver efficient and comprehensive situational awareness and recovery. Incident response playbooks are often created in a vacuum in a one-size-fits-all format for general attack types — for example, an organization might have one for ransomware and one for DDoS attacks, etc. While these playbooks may satisfy compliance requirements, their efficacy in a real-life incident is limited as the reality of an attack never quite aligns with the generic parameters outlined in a static playbook. 

“Organizations need to focus on collaborative integration of security solutions across the incident response program and can use both AI and machine learning to automate incident response. There is often a massive amount of incoming data pertaining to ongoing incidents that security teams and incident response teams alike must analyze to keep their networks secure. Automating this analysis makes the process of identifying and triaging ongoing incidents much more efficient, thus freeing up valuable resources. Organizations can configure this automation to ensure that only relevant events are alerted, but potentially malicious events are not missed. AI-augmented tools can also help with more rapid reporting capabilities by creating reports during and after an incident, freeing up security teams to focus on critical remediation tasks. 

“It is critical that organizations practice and drill incident response plans in real time in their bespoke environments to optimize procedures and ensure key players are ready. If a plan is never tested, it is impossible to know where gaps exist — until an incident occurs.”