Tokio Marine HCC International (TMHCCI), a member of the Tokio Marine HCC group of companies, headquartered in Houston, Texas, has today released its Top 10 Cyber Incidents 2024 report.
The year saw a sharp rise in supply chain attacks as global enterprises continued to increase their operational reliance on a complex web of technology and systems. The most significant cyber incidents from 2024 in terms of disruptiveness and financial impact have been compiled by TMHCCI’s Cyber Security Insurance team and listed in the report.
The CrowdStrike incident was noted as one of the most significant IT outages of the past year, affecting 8.5 million devices globally and leading to global losses of approximately $5.4 billion. The incident stemmed from a faulty update to its Falcon Sensor security software and caused widespread disruption, particularly for those in the aviation, healthcare and financial service sectors.
This was representative of a key trend last year, with 70% of the incidents listed involving software providers. Nation-state attacks also made up a large proportion of cyber security incidents, with the kinetic cyberattacks carried out during the Israel – Hamas conflict also included.
Top 10 Cyber Incidents 2024
TMHCCI’s top incidents list includes the following:
• CrowdStrike outage
• Change Healthcare ransomware attack
• CDK Global ransomware attack
• Israel – Hamas war kinetic cyberattack
• RegreSSHion software vulnerability
• XZ Utils software vulnerability
• Ivanti VPN attacks
• Salt Typhoon infiltration
• Blue Yonder ransomware attack
• Snowflake cyberattack
Isaac Guasch, Cyber Security Leader at TMHCCI and one of the authors of the report, said: “Businesses must remain vigilant and continue to enhance their cyber security protections. The impact and overall cost of cyber incidents continue to increase, and this is only set to accelerate as companies become more reliant on new and emerging technologies. The clear theme for 2024 was the growing reliance on a select group of third-party software providers, which offers cyber criminals a single avenue of attack against a wide range of different businesses, and presents a threat that is outside of the direct control of individual firms.”
Marc Pujol, Cyber Security Specialist at TMHCCI and co-author of the report, added: “We have identified the continued dominance of a few cloud service providers to be of an increasing significance, and view this as a systemic vulnerability in the global cyber ecosystem. While the major players provide a valuable and essential function to businesses, their structure poses a risk too significant to ignore. Individual businesses must take steps to protect themselves against this clear and immediate threat. As noted in the report, these steps could include utilising on-site data centres, implementing multi-cloud strategies, utilising edge computing and improving due diligence on vendors”.
Risk accumulation and cloud providers
As in previous editions, the report also includes a ‘Bonus Track’, which for 2024 focuses on risk accumulation for cloud providers. The market has become highly concentrated, with Amazon having a 39% market share, followed by Microsoft (23%), Google (8.2%), Alibaba (7.9%), Huawei (4.3%) and a series of other small providers making up the remaining 17.6%.
This overreliance on a small number of providers means a huge portion of companies across the globe have become operationally dependent on a select few firms, become increasingly exposed to geopolitical risk, and created a single point of failure, which could cause a ripple effect across sectors, as shown in the CrowdStrike outage.
The report outlines diverse strategies to mitigate this growing threat and highlights the need to customise the use of these strategies for optimal results, taking into account the unique characteristics of each business. The authors also stress the necessity of finding a balance between technological innovation and risk resilience.
Access the full report for the complete data and comments.
|
