Arctic Wolf has published its 2024 Security Operations Report, which explores data and insights gathered from more than 250 trillion security events analysed by the Arctic Wolf Platform over the past year. The report provides actionable insights for security leaders looking to leverage the security operations expertise of one of the largest security operations centers (SOCs) in the world.
With a growing number of security tools and vendors, and record high cybersecurity budgets, the frequency of cyberattacks continues to outpace these investments. Coupled with other significant threats that organisations have faced over the past year, such as widescale IT outages, thousands of new critical vulnerabilities, and the malicious efforts of nation-state actors, many organisations find themselves struggling to manage their cyber risk effectively. Based on real-world observations from more than 6,500 organisations, the 2024 Arctic Wolf Security Operations Report provides an unrivaled deep-dive into the modern threat landscape, arming organisations with the security operations best practices they need to achieve better security outcomes.
Key findings from the report include:
24x7 coverage is key. Nearly half (45%) of security events now occur outside traditional working hours, highlighting how the mass adoption of cloud-based application requires organisation to enable 24x7x365 security monitoring.
The sprawl of security tools overwhelms teams. Identity and access management (IAM) tools have become the leading source of alerts of security operations teams, with identity telemetry accounting for seven of the top ten indicators of compromise during security events
Many industries remain under constant attack. Technology companies have the worst average security posture of all industries examined, while highly regulated industries like Banking, Legal, and Healthcare have the best overall security postures.
Leading business applications remain most targeted. Some of the most commonly used critical business software from Microsoft accounted for three of the top four applications most leveraged by attackers, underscoring the prevalence of cyber risk and the importance for IT and security teams to quickly identify and patch potentially devastating vulnerabilities.
“Organisations that embrace security operations are more secure, more resilient, and better able to adapt to the ever-evolving threat landscape — but the reality is that very few have the expertise or resources to build such capabilities on their own,” said Dan Schiappa, chief product and services officer at Arctic Wolf. “The insights and recommendations in our Security Operations Report will allow readers to not only understand the challenges we collectively face as a cybersecurity industry – but also consider practical steps on how organisations can advance their security journey and fortify their defences to better protect themselves from the evolving tools and tactics used by modern threat actors.”