MORE Alarming Cybersecurity Stats For 2021....How About Risk Management?!

2021-10-25 12:38

Reports

MORE Alarming Cybersecurity Stats For 2021!

by Chuck Brooks- Forbes​ 

Earlier this year I wrote a FORBES article called “Alarming Cybersecurity Stats: What You Need To Know For 2021.”  Alarming Cybersecurity Stats: What You Need To Know For 2021 (forbes.com) It included an assortment of stats on the increase in threats to our digital wellness as companies, governments, and consumers. The article was based on the backdrop of a spate of high-profile cyber-attacks such as Solar Winds, and Colonial Pipeline and had painted a dire assessment of the 2021 first half status of the cyber-threat ecosystem. Now we have reached the second half of 2021. Just when we thought it could not get much worse from a cybersecurity stat perspective, it did.

Better Cybersecurity

Americans Seem To Be Wakening Up To The Need for Better Cybersecurity

Let us start with a positive stat, it appears that in the U.S. most are finally waking up to the cyberthreats. Awareness is an important step! A poll by The Pearson Institute and The Associated Press-NORC Center for Public Affairs Research shows that “about 9 in 10 Americans are at least somewhat concerned about hacking that involves their personal information, financial institutions, government agencies or certain utilities. About two-thirds say they are very or extremely concerned.” A significant reason while cybercrime and breaches are rising is that most people just view at as someone else’s problem. Securing our digital identities and data is everyone’s problem and it is a global one. Cyberattacks concerning to most in US: Pearson/AP-NORC poll (techxplore.com)

The Number of Data Breaches In 2021 Have Soared Past That Of 2020

More bad news in 2021, according to the Identity Theft Resource Center (ITRC) The number of data breaches publicly reported so far this year has already exceeded the total for 2020, putting 2021 on track for a record year. Eva Velasquez, President and CEO of the ITRC, said 2021 is just 238 breaches away from tying the record for a single year. “It’s also interesting to note that the 1,111 data breaches that the amount and quality of data being exfiltrated by hackers. from cyber-attacks so far, this year exceeds the total number of data compromises from all causes in 2020.” For me, the take-away is not the number. They are becoming more systematic in their targeting. Breach Volumes for 2021 Already Exceed 2020 Total - Infosecurity Magazine (infosecurity-magazine.com)

Here are some useful reference articles on cyber-attacks in 2021: 15 Biggest Cybersecurity Attacks in 2021 15 Biggest Cybersecurity Attacks in 2021 - Privacy Affairs For a running tally on the state of cyber-attacks: The Biggest Cyber Attacks of 2021 (So Far) The Biggest Cyber Attacks of 2021 (So Far) - GEEKS

Ransomware, Here, There, Everywhere And More Of It!

The firm Cybersecurity Ventures estimates that Ransomware Costs Expected to Reach $265 Billion by 2031. The Cybersecurity Ventures analysis predicts that there will be a new attack every 2 seconds as ransomware perpetrators progressively refine their malware payloads and related extortion activities. Global Ransomware Damage Costs Predicted To Exceed $265 Billion By 2031 (cybersecurityventures.com)

A FinCEN Report The report’s conclusion unequivocally points to a ramp-up in ransomware-related activities throughout 2021:

 

  • Financial institutions filed 635 SARs in the first half of 2021 related to suspected ransomware activity.
  • The SARs referenced 458 suspicious transactions amounting to $590 million.
  • The H1 2021 figure exceeds the value reported for the entirety of 2020, which was $416 million, showing an uptick in ransomware activity.
  • The average amount of reported ransomware transactions per month in 2021 was $102.3 million.
  • Based on SARs data, FinCEN said it identified 68 different ransomware variants active in H1 2021.
  • The most commonly reported variants in H1 2021 were REvil/Sodinokibi, Conti, DarkSide, Avaddon, and Phobos.

 

 Financial Trend Analysis (fincen.gov)

US Treasury said it that it has tied $5.2 billion in BitCoin transactions to ransomware payments.

The financial crimes investigation unit of the US Treasury Department, also known as FinCEN, said today it identified approximately $5.2 billion in outgoing Bitcoin transactions potentially tied to ransomware payments.

According to a report from Palo Alto Networks’ Unit 42 security consulting group, the average ransomware payment climbed 82% to a record $570,000 in the first half of 2021 from $312,000 in 2020. Ransomware criminals' demands rise as aggressive tactics pay off | Fox Business

For a deeper dive into ransomware topics please see: Ransomware on a Rampage; a New Wake-Up Call by Chuck Brooks “The current state of cyber-affairs is an especially alarming one because ransomware attacks are growing not only in numbers, but also in the financial and reputational costs to businesses and organizations.” Ransomware on a Rampage; a New Wake-Up Call (forbes.com)

The Supply Chain, A Weak Link For Hackers To Exploit

A new study says by cybersecurity company BlueVoyant shows that the supply chain is a magnet for cyber breaches. “A whopping 97% of firms have been impacted by a cybersecurity breach in their supply chain, and 93% admitted that they have suffered a direct cybersecurity breach because of weaknesses in their supply chain.“ Supply chain cybersecurity breaches have hit alarming percentage of firms: survey | Fox Business

“Supply chain attacks rose by 42% in the first quarter of 2021 in the US, impacting up to seven million people, according to research. Analysis of publicly-reported data breaches in quarter one by the Identity Theft Resource Center (ITRC) found 137 organizations reported being hit by supply chain cyber-attacks at 27 different third-party vendors.” 'Troubling' rise in supply chain cyber-attacks - Supply Management (cips.org)

For a deeper dive into supply chain cyber issues, please see: Chuck Brooks: Government Focused on Securing the Cyber Supply Chain

“Supply chain issues are being formally adapted into security strategy by the federal government. On May 15, 2019, the White House Presidential Executive order was issued to help secure the supply chain (both public and commercial) poses an undue risk of sabotage to or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of information and communications technology or services in the United States.”

The remedy to fixing supply chain vulnerabilities is heightening government and industry collaboration highlighted in the policy initiatives, such as NIST, and in task forces on supply chain security established by the Executive Branch. More precisely, it requires enacting a risk management process that identifies vulnerable systems (especially legacy) and gains visibility into all the elements of the supply chain.”

Chuck Brooks: Government Focused on Securing the Cyber Supply Chain - GovCon Wire

IOT as a Prime Target For Breaches

Cyber-physical systems (OT/IT) and the integrations of millions of devices in our lives has created a IoT cybersecurity challenge for people, business, and governments.

As IoT devices store, transmit and process so much essential data every day, they serve as the perfect target for cyber criminals. According to an article published by Cyber Magazine, IoT devices suffer an average of 5,200 cyber-attacks every month.”  Cyber Threats Haunting IoT Devices in 2021 - Kratikal Blogs

Each IoT device represents an attack surface that can be an avenue into your data for hackers. A Comcast report found that the average households is hit with 104 threats every month. The most vulnerable devices include laptops, computers, smartphones and tablets, networked cameras and storage devices, and streaming video devices, a new report found. Cybersecurity report: Average household hit with 104 threats each month - TechRepublic  

For a comprehensive statistical overview on IoT, see “Internet of Things statistics for 2021 – Taking Things Apart” 45 Fascinating IoT Statistics for 2021 | The State of the Industry (dataprot.net)

Please see my recent FORBES article: Cybersecurity Threats: The Daunting Challenge Of Securing The Internet Of Things for a look at some of the current and future cybersecurity challenges of IoT. “Using a comprehensive risk management approach to understand and mitigate the threats of the Internet of Things can be of major help to that regard in helping mitigating security gaps. Being more cybersecurity ready should a priority pursuit for everyone connected.” Cybersecurity Threats: The Daunting Challenge Of Securing The Internet Of Things (forbes.com)

Cyber Risks & Risk Management

Cybersecurity is all about risk management. The Cyber Risk list below compiled by Fortinet speaks volumes:

 

  1. Cyber RisksIDC predicts there will be 55.7 billion connected devices by 2025, of which 75% will be connected to the IoT. IDC also estimates that IoT devices will generate 73.1 zettabytes of data by 2025, up from just 18.3 zettabytes in 2019.
  2. Cisco data estimates that distributed denial-of-service (DDoS) attacks will grow to 15.4 million by 2023, more than double the 7.9 million in 2018.
  3. DDoS attacks became more prevalent in 2020, with the NETSCOUT Threat Intelligence report seeing 4.83 million attacks in the first half of the year. That equates to 26,000 attacks per day and 18 per minute.
  4. More than four-fifths of data breaches in 2020 (86%) were financially motivated, according to Verizon’s 2020 Data Breach Investigations Report (DBIR).
  5. Security threats against industrial control systems (ICS) and operational technology (OT) more than tripled in 2020, according to Dragos Inc.’s Year in Review report.
  6. McKinsey insight finds 70% of security executives believe their budget will decrease in 2021, which will limit and reduce their spending on compliance, governance, and risk tools.
  7. Organizations must defend their networks, systems, and users against several major cybersecurity threats. For example, Verizon’s 2020 DBIR found that 70% of breaches were caused by outsiders, 45% involved hacking, 86% were financially motivated, 17% involved some form of malware, and 22% featured phishing or social engineering.

 

Top Cybersecurity Statistics, Facts, and Figures for 2021 (fortinet.com)

My infographic below can be used as a guiding tool to help plan strategies to help manage cyber-risk. A successful cyber risk strategy requires stepping up assessing situational awareness, information sharing, and especially resilience.

 

In 2021, the connectivity of cyber devices grew exponentially and so have the cyber intrusions and threats from malware and hackers. The year is not over and already more data has been breached that ever before. Let us hope that that cyber-attack stats for 2022 may less prolific and costly.

Cover Photo: Cyber attack on LED Display. GETTY