Top Three Ways Organizations Were Unprepared for Cyberattacks in 2023
Summary:
“In 2023, organizations were hit hard by cyberattacks, many of which exposed serious weaknesses in security practices. One of the biggest issues was how patching and vulnerability management was handled. In many cases, vulnerabilities in software or APIs were left open for far too long. Attackers were able to exploit these vulnerabilities, with over 38% of breaches being attributed to unpatched software flaws. It’s no surprise that attackers found so many open doors when vulnerabilities were discovered faster than most organizations could patch them. Zero-day vulnerabilities, in particular, were a big problem, because they gave attackers a head start—sometimes attackers could exploit them hours after discovery while defenders were still waiting for patches. And it wasn’t just software issues; weak configurations and exposed services like RDP made it even worse. This is where organizations really stumbled—they didn’t address their internet-facing attack surfaces quickly enough or effectively enough, leaving themselves wide open.
Another big issue was gaps in monitoring and security coverage. With the way IT infrastructures are today, spanning cloud, on-prem, hybrid, and multi-cloud environments, it’s almost impossible to maintain full visibility across all endpoints. Organizations often had security tools deployed in silos, which meant certain parts of their networks weren’t being monitored or protected at all. This led to blind spots where attackers could hide and operate undetected, moving laterally, escalating privileges, or exfiltrating data without anyone noticing. The challenge wasn’t just a lack of tools but the inconsistency in how and where they were deployed, leaving certain areas more vulnerable than others. Security teams couldn’t monitor everything at once, so some attackers just slipped through the cracks. And let’s face it—security coverage is tough when every organization has so many different devices—laptops, desktops, mobile devices, even IoT things—connecting to the network in different ways. If they don’t have a unified system, it’s like trying to patch holes in a leaky boat that’s constantly taking on water.
And then, there’s the issue of overprivileged identity and access management (IAM). Credential theft isn’t new, but it’s getting worse. Attackers are targeting overly privileged accounts because they know those accounts give them access to everything. Employees are often granted more access than they need, either because of poor IAM policies or because giving them the access was easier than restricting it. The result is that when attackers get their hands on stolen credentials, they can escalate their privileges and go deeper into systems, often undetected. Even with multi-factor authentication (MFA) in place, if employees have too much access or weak password hygiene, attackers can still make significant inroads. The lack of strict policies around who gets access to what and how access is managed is a big gap that organizations failed to address, putting critical systems at risk” (PaloAlto2024).
Security Officer Comments:
According to the report, to avoid these issues moving forward, organizations need to get better at patch management—not just patching, but doing it quickly. It’s crucial to identify vulnerabilities before attackers can find them. Rapid response times are essential, and organizations need to prioritize patches based on the potential risk. Monitoring and coverage also need to be improved. There has to be consistent coverage across every part of the network—no more leaving some sections of the IT environment exposed or unmonitored. This means integrating security tools to provide a unified view, so there aren’t gaps in detection. Finally, a more restrictive approach to IAM is necessary—giving employees just the access they need and no more. Organizations should follow the principle of least privilege, continuously monitor access, and make sure multi-factor authentication is always enforced. Only by focusing on these key areas—vulnerability management, comprehensive coverage, and controlled access—can organizations truly defend themselves against the evolving cyber threat landscape.
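The three recommendations above (risk-based patch prioritization, consistent monitoring coverage, and least-privilege access) can be turned into a simple, repeatable check over an asset and account inventory. The following Python script is an added illustration written for this summary; it is not code from Palo Alto Networks or from the report. The inventory, the service list, the vulnerability identifiers (labelled EXAMPLE-*) and the scoring weights are all constructed for the example and would be replaced by an organization's own data and risk policy.

```python
"""Risk-ranked patch queue, monitoring-coverage gaps and over-privileged
accounts, computed over a constructed inventory (added example, not the
report's own tooling). Weights below are illustrative, not a standard."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class Vuln:
    vuln_id: str          # placeholder identifier, not a real CVE
    cvss: float           # base severity 0-10
    known_exploited: bool  # e.g. listed as exploited in the wild
    days_open: int        # days since a fix became available


@dataclass
class Asset:
    name: str
    internet_facing: bool
    monitored: bool       # an EDR / log-forwarding agent is reporting in
    services: List[str] = field(default_factory=list)
    vulns: List[Vuln] = field(default_factory=list)


# Services the summary singles out as risky when exposed (constructed list).
HIGH_RISK_SERVICES: Set[str] = {"rdp", "smb"}


def risk_score(asset: Asset, vuln: Vuln) -> float:
    """Combine severity with exposure and age so the queue reflects real risk,
    not just CVSS. Illustrative weights: exploited +3, internet-facing x1.5,
    risky exposed service +1, fix older than 30 days +1."""
    score = vuln.cvss
    if vuln.known_exploited:
        score += 3.0
    if asset.internet_facing:
        score *= 1.5
    if any(s in HIGH_RISK_SERVICES for s in asset.services):
        score += 1.0
    if vuln.days_open > 30:
        score += 1.0
    return round(score, 2)


def patch_queue(assets: List[Asset]) -> List[Tuple[float, str, str]]:
    """Highest-risk (score, asset, vuln_id) first: the order to patch in."""
    rows = [(risk_score(a, v), a.name, v.vuln_id) for a in assets for v in a.vulns]
    return sorted(rows, reverse=True)


def coverage_gaps(assets: List[Asset]) -> List[str]:
    """Assets with no monitoring agent: the blind spots the summary describes."""
    return [a.name for a in assets if not a.monitored]


def overprivileged(accounts: Dict[str, Set[str]],
                   role_entitlements: Dict[str, Set[str]],
                   account_roles: Dict[str, str]) -> Dict[str, Set[str]]:
    """Entitlements an account holds beyond what its role allows."""
    extra = {}
    for user, held in accounts.items():
        allowed = role_entitlements.get(account_roles.get(user, ""), set())
        if held - allowed:
            extra[user] = held - allowed
    return extra


# Constructed inventory for the example.
INVENTORY = [
    Asset("web-01", internet_facing=True, monitored=True, services=["https", "rdp"],
          vulns=[Vuln("EXAMPLE-0001", 9.8, known_exploited=True, days_open=45)]),
    Asset("db-01", internet_facing=False, monitored=False, services=["postgres"],
          vulns=[Vuln("EXAMPLE-0002", 7.5, known_exploited=False, days_open=10)]),
    Asset("hr-laptop", internet_facing=False, monitored=True,
          vulns=[Vuln("EXAMPLE-0003", 5.3, known_exploited=True, days_open=60)]),
]

ROLE_ENTITLEMENTS = {"analyst": {"read_tickets"}, "dba": {"read_tickets", "db_admin"}}
ACCOUNT_ROLES = {"alice": "analyst", "bob": "dba"}
ACCOUNTS = {"alice": {"read_tickets", "db_admin"}, "bob": {"read_tickets", "db_admin"}}

if __name__ == "__main__":
    for score, asset, vuln_id in patch_queue(INVENTORY):
        print(f"{score:5.1f}  {asset:10s} {vuln_id}")
    print("unmonitored:", coverage_gaps(INVENTORY))
    print("over-privileged:", overprivileged(ACCOUNTS, ROLE_ENTITLEMENTS, ACCOUNT_ROLES))
```

The point of the scoring function is the one the report makes: a moderate-severity flaw that is already being exploited on an internet-facing host with RDP exposed should be patched before a higher-CVSS flaw on an internal, unexposed system. The coverage and privilege checks are the same idea applied to the other two gaps: they do nothing clever, but they make the blind spots and the excess access visible so someone can act on them.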
Link(s):
https://www.paloaltonetworks.com/bl...ons-were-unprepared-for-cyberattacks-in-2023/