Cybersecurity: A Key Priority in the Current Geopolitical Context

June 27, 2022

Governments and companies around the world are concerned about the growing risks of cyberattacks against their critical infrastructure. The pandemic and the current crisis in Ukraine have intensified cyberattacks as criminals continue to direct their efforts toward leveraging increasingly sophisticated forms of malware. Many public and private institutions have already faced such attacks. Cybercrime, which ranges from identity theft to data destruction, has increased by 600% because of the COVID-19 pandemic, and IoT cyberattacks alone are expected to double by 2025. Furthermore, experts estimate that the cost of these attacks will reach around $10.5 trillion per year by 2025.

5 Worrying Statistics Any Business Manager Should Know About

According to Accenture’s “Cost of Cybercrime” study, 43% of cyberattacks target small businesses, but only 14% are prepared to defend against them. This may seem surprising to small business owners who believe their organizations are unlikely to be attacked. In most cases, hackers attack companies where they can easily identify vulnerabilities. Therefore, any business that does not have robust cyber protection mechanisms is likely to become a victim. Furthermore, 45% of SMEs say their processes are ineffective in mitigating attacks. And according to an InsuranceBee survey, 83% of SMEs are not financially prepared to recover from a cyberattack.

Companies suffered 50% more cyberattack attempts per week in 2021. The increase, partly caused by the Log4j vulnerability, helped push cyberattack attempts to a new peak in Q4 2021. The education/research sector suffered the highest number of attacks in 2021, followed by the government/military and communications sectors, according to Check Point research.

Ransomware attacks increased in 2021, and it was estimated that every 11 seconds a company was the victim of such an attack. SonicWall reported a 1,885% increase in ransomware attacks on government institutions last year, 775% for healthcare organizations, 152% for education organizations, and 21% for retail. Ransomware volume has risen 232% since 2019.

Phishing was used in 36% of cyberattacks in 2021 according to Verizon’s data. These include incidents where the scam was designed to capture sensitive information or financial details as well as those where phishing emails were part of larger campaigns, such as a ransomware attack. Moreover, Verizon’s “2022 Data Breach Investigations” report shows year-over-year ransomware attacks increasing by 13%—a growth rate greater than the previous 5 years combined.

BEC (business email compromise) is a type of phishing attack where scammers pretend to be senior employees and ask their victims to make bank transfers to accounts that are controlled by scammers. According to the Anti-Phishing Working Group report, the average bank transfer request in BEC scams cost approximately €92,700 last year. In the first quarter of 2022, APWG observed a total of 1,025,968 phishing attacks. “This was the worst quarter for phishing that APWG has ever observed, and the first time that the quarterly total has exceeded one million. The financial sector was the most frequently victimized by phishing in Q1, with 23.6% of all attacks,” according to the report.

EU Proposes Cybersecurity Rules for European Bodies

Amid concerns that cyberattacks could disrupt key activities and steal sensitive information, the EU is proposing cybersecurity rules for European bodies. The European Commission has recently announced that EU countries should put a framework in place to manage cybersecurity risks in EU institutions. 

“In a connected environment, a single cybersecurity incident can affect an entire organization. This is why it is critical to build a strong shield against cyber threats and incidents that could disturb our capacity to act. The regulations we are proposing today are a milestone in the EU cybersecurity and information security landscape. They are based on reinforced cooperation and mutual support among EU institutions, bodies, offices and agencies and on a coordinated preparedness and response,” Budget Commissioner Johannes Hahn said in a statement.

The proposal is part of a package of draft rules, called the Cybersecurity Regulation, which also proposes the creation of cybersecurity committees to oversee the implementation of these new rules. The proposed new cybersecurity regulation states that all European Union institutions, bodies, offices and agencies will be required to have cybersecurity frameworks for governance, risk management, and control.

Government Agencies in the United States Warn Organizations About a Data Extortion Group

Several U.S. government agencies recently issued a joint cybersecurity alert to warn businesses about a data extortion group named “Karakurt.” The group does not appear to target any specific sectors, industries, or types of victims.

“Karakurt actors have employed a variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation. Karakurt victims have not reported encryption of compromised machines or files; rather, Karakurt actors have claimed to steal data and threatened to auction it off or release it to the public unless they receive payment of the demanded ransom. Known ransom demands have ranged from $25,000 to $13,000,000 in Bitcoin with payment deadlines typically set to expire within a week of first contact with the victim,” the joint advisory notes.

Conclusion

As cybercriminals continue to exploit the ongoing crisis in Ukraine and companies are still struggling to recover after the COVID pandemic, cybersecurity has become a key priority.