I wrote a FORBES piece about some of the facts and patterns that applied to Halloween and Cybersecurity Awareness Month last year (please see link). After another year, the online environment and digital dangers are still unsettling, if not more so. So, it is time again to explore some of the stats and trends.
For Cybersecurity Awareness Month (and Halloween) – Some Scary Cyber Threat Stats
Stats: Cyber Attacks Continue to Grow In Both Numbers and Sophistication
“In 2023, the World Economic Forum for the first time ranked cybercrime and cybersecurity as one of the top ten global risks, over both a 2-year and 10-year period.
Legislation in the United States and across the ocean in Europe is moving in the direction of placing responsibility for cyber risks in a company on the senior management and the board. The days when management claimed that a cyber incident was the responsibility of solely the Chief Information Security Officer (CISO), the head of IT or the external provider will soon be over.
The number and scale of cyber threats are increasing exponentially, and in today’s interconnected and technology-driven business world, the question is no longer if your organization will be affected by a cyber-attack, but when. Factor in the current landscape of disruptive technologies such as AI, IoT, 5G, the metaverse, quantum computing, in the backdrop of trade wars, complex supply chains, partner ecosystems, hacktivism, ransomware, and you get a frightening picture of the days ahead.” - Mitch Scherr, CEO Recyber
Source: Home – Recyber
Proportion of businesses suffering cyberattacks grows for fourth straight year: Hiscox
Over 87% of businesses across the world see cyber as the number one threat to their financial health, and view it as more of a threat than an economic downturn and skill shortages, according to the latest Hiscox Cyber Readiness Report. The report’s findings included:
- Over half (53%) of businesses suffered at least one cyber-attack over the last 12 months
- The impact of cyber risk cannot be underestimated, with one in five firms (21%) attacked saying it was enough to threaten the viability of the business
- Frequency of cyber-attacks is increasing for small businesses with 10 employees or less
- Business Email Compromise remains the hackers’ weapon of choice
Source: Hiscox research finds increased prevalence of cyber attacks on businesses for fourth consecutive year | Hiscox Group
Cybercrime Expected To Skyrocket in Coming Years
The volume and velocity of attacks have increased, as have the costs incurred by victims, with the 2022 Official Cybercrimes Report from Cybersecurity Ventures estimating that the cost of cybercrime will jump from $3 trillion in 2015 to a projected $10.5 trillion in 2025. According to estimates from Statista’s Cybersecurity Outlook, the global cost of cybercrime is expected to surge in the next five years, rising from $8.44 trillion in 2022 to $23.84 trillion by 2027. Cybercrime is defined by Cyber Crime Magazine as the “damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.”
Source: https://www.statista.com/study/140265/global-cybersecurity-outlook-2023/
Trend: Investments in Cybersecurity Will Grow
Cyber investments on pace to reach $215B in 2024: Gartner
A Moody’s survey of more than 1,700 rated debt issuers underscores the increased investments organizations are making in cybersecurity in response to regulatory requirements and increased cyber risk. Cybersecurity spending levels increased 70% from 2019 to 2023, according to Moody’s 2023 cyber survey. The share of technology funds allocated to cybersecurity is also growing. Organizations said they devoted 8% of their technology budgets to cybersecurity in 2023, up from 5% in 2019, according to Moody’s 2023 cyber survey.
Source: Cyber investments on pace to reach $215B in 2024: Gartner | CIO Dive
CB Comments: These statistics do not lie. The expansion of connectivity of people and devices on the internet has greatly enlarged the attack surface for breaches. The development of the Internet of Things has also completely changed the dynamics and the size of the expanding cyber-attack surface. With an estimated 50 billion connected devices and trillions of sensors working among those devices, hackers have a multitude of options to breach cyber-defenses and exfiltrate data. At the same time, criminal hackers are automating more of their phishing attacks with artificial intelligence and exponentially reaching many more businesses, agencies, and consumers. Unfortunately, despite the threats, not enough small, medium, and large businesses have embraced the cybersecurity imperative seriously enough. Until they do, the number of breaches and the amounts paid in ransomware extortion will continue to rise. And, as connectivity expands, the threats become more and more sophisticated. Cybersecurity investments will need to grow.
Stats: The Same Cyber Threats, Malware, Phishing, and Ransomware Persist, But Are More Advanced
Malware & Phishing dominate the 2023 cyber threat landscape
The report found that 45.3% of all threats involve malware (malicious software infecting a device), with phishing (deceptive emails or messages that trick users into giving private information) coming in at 43.6%.
Phishing remains the most common attack, with the 2023 Comcast Business Cybersecurity Threat Report finding that nine out of 10 attempts to breach its customers’ networks started with a phish.
Malware & Phishing dominate the 2023 cyber threat landscape | Cyber Magazine
Report: Ransomware payouts and recovery costs went way up in 2023
In a repeat of 2022, 66% of respondents in Sophos’s 2023 survey claimed their organization had been hit by a ransomware attack. While that number remained steady, the average payout increased dramatically, year to year, from $812,380 in 2022 to $1,542,333 in 2023. The proportion of organizations paying higher ransoms also increased since 2022, with 40% reporting payments of $1 million or more compared to just 11% last year.
Ransomware has only become more sophisticated and more widely available over time. In fact, cybercriminals can now subscribe to “Ransomware-as-a-Service” providers, which allow users to deploy pre-developed ransomware tools to execute attacks in exchange for a percentage of all successful ransom payments.
Report: Ransom payouts and recovery costs went way up in 2023 | SC Media (scmagazine.com)
‘Record-breaking’ DDoS attacks reported by tech firms
Tech firms Google, Amazon, Cloudflare, and Microsoft say they’ve thwarted a series of “record-breaking” distributed-denial-of-service cyberattacks that occurred over the last few months and represent a new type of DDoS technique.
Big Tech firms reveal record-breaking DDoS attacks (siliconrepublic.com)
NETSCOUT has identified almost 7.9 million DDoS attacks in the first half of 2023 according to its latest DDoS Threat Intelligence Report
“While global events and the expansion of the 5G network have spurred an increase in DDoS attacks, adversaries continue to evolve their approach to be more dynamic by leveraging bespoke infrastructure such as bulletproof hosts or proxy networks to launch attacks,” said Richard Hummel, manager Senior Intelligent Threat Officer at NETSCOUT. “The life cycle of DDoS attack vectors reveals the persistence of adversaries to find and weaponize new attack methods, while DNS water torture and carpet-bombing attacks have become more prevalent.”
NETSCOUT has identified almost 7.9 million DDoS attacks in the first half of 2023 according to its latest DDoS Threat Intelligence Report – Archyde
CB Comments: Phishing is the method of choice for many hackers. Most people know that phishing is a technique hackers employ to spread malware or steal your sensitive information. Anybody can fall for a targeted phish, especially if it appears to be from a bank, business, or website you frequently visit. It can also masquerade as a private email from an individual at the top of the organizational hierarchy. Phishing software can be found online, but it usually comes as an email attachment.
Advances in technology have rendered phishing more accessible to cybercriminals. They have easy access to digital images and social engineering data, and a vast array of phishing tools at their disposal, some of which are automated by machine learning. Hackers often combine spear-phishing, a technique they use to target executives at companies or organizations, with ransomware. Over the course of its nearly two-decade history, ransomware has grown in popularity because it makes it simpler for hackers to make money. At this moment, there are estimated to be more than 120 different types of ransomware, and hackers have become highly skilled at hiding malicious code. To succeed, hackers don’t always need to utilize the newest and most sophisticated software. For a hacker, an attack is not too hard to complete. Given how easy it is to conduct an internet attack, they usually rely on the target that is most vulnerable at the proper moment.
Attacks on cybersecurity can take many different shapes and employ a range of technical strategies. There are always going to be breaches in the government and business sectors. Botnets are one type of exploitation that malicious hackers might utilize with disastrous and pervasive results. Botnet cyberattacks are not new; they have been around for nearly 20 years, but they are becoming more common and present serious risks. These are not just executed by organized criminal hacking gangs, but also by state-sponsored intelligence agents. Thanks to developments in machine learning and artificial intelligence, botnets can now easily automate and scale up cyberattacks quickly. Cybercriminals are also using an increasingly popular Bot-as-a-Service to outsource attacks.
Stats: Cyber Hygiene Still A Major Issue for Cybersecurity
Poor cybersecurity habits are common among younger employees.
One in three employees believe their actions do not impact their organization’s security, according to Ivanti.
Poor cybersecurity habits are common among younger employees – Help Net Security
The research also shows that Millennial and Gen Z office workers are more likely to have unsafe cybersecurity habits when compared to Gen X and older (those above 40 years of age).
This is true about performing password hygiene, clicking on phishing links and sharing devices with family and friends:
- 38% of office workers under 40 use the same passwords on multiple devices, compared to 28% of office workers older than 40.
- 34% of office workers under 40 shared work device(s) with family or friends, compared to 19% of office workers older than 40.
- 34% of office workers under 40 use a birthdate in their password, compared to 19% of office workers older than 40.
- 13% of office workers under 40 clicked on a phishing link when targeted, compared to 8% of office workers older than 40.
CB Comments: The fact that younger generations are not following basic cyber-hygiene is disconcerting. Cyber hygiene is a crucial component for any business or person. The fundamentals can be achieved with strong passwords, multifactor authentication, and understanding when to click on a scam. Human carelessness is the cause of the most successful virus infections. Maintaining good online hygiene might reduce a person’s vulnerability to hackers. Another crucial piece of advice is to make sure you back up your vital data, ideally to a different device that is isolated from the targeted phone or computer. It is not a bad idea to invest in anti-phishing software if you are an individual or small business. It raises another obstacle. Additionally, I advise keeping a close eye on your credit and social media accounts for any irregularities.
Insecure passwords have long been perceived by hackers as the quickest way to get access to valuable data. However, a lot of people continue to use simple passwords like #132456 #password or their birthdays, which provide minimal obstacles for hackers to gain access to their accounts. Since social media has made us all social media creatures, hackers can employ social engineering techniques by looking through your social media accounts and highlighting pet names—which are frequently used as passwords; I’ll admit that I’ve done it too—or other identifiable items that might provide hints about passwords and interests. The fact that there are algorithms that can “guess” passwords using marketing data and public social media sites is very concerning.
Trends: Artificial Intelligence Seems to be The Biggest Trend – for Everything, including Cybersecurity
80% of enterprises will have incorporated AI by 2026, according to a Gartner report
Think AI has a lot of hype now? It’s going to accelerate in the next two years — especially in the enterprise.
80% of enterprises will have incorporated AI by 2026, according to a Gartner report | ZDNET
Attackers are using ChatGPT to refine malware, personalize phishing emails and fine-tune algorithms designed to steal privileged access credentials.
International Data Corporation (IDC) says AI in the cybersecurity market is growing at a CAGR of 23.6% and will reach a market value of $46.3 billion in 2027.
CB Comments: We have been anticipating artificial intelligence’s arrival and AI is becoming mainstream. Machine learning and natural language processing, which are already commonplace in our daily lives, are components that contributed to the creation of AI. These days, AI is capable of comprehending, diagnosing, and resolving issues from both organized and unstructured data, sometimes even without the need for special programming.
This tech trend has ramifications for cybersecurity. To put it plainly, artificial intelligence strengthens cybersecurity in our interconnected environment by acting as a catalyst and facilitator.
Trends: The Future Is Around the Corner and it is not just Artificial Intelligence, it is Quantum
The United States passed the Quantum Computing Cybersecurity Preparedness Act in December 2022, codifying into law a measure aimed at securing federal government systems and data against the quantum-enabled cyberattacks that many expect will happen as quantum computing matures.
Quantum Tech Needed To Secure Critical Data From Quantum Decryption
One company, Quantum Computing Inc. (QCI) (NASDAQ:QUBT), is ahead of the game: it is a full-stack quantum solutions company on a mission to accelerate the delivery of quantum information processing hardware systems with both performance and cybersecurity benefits. With their existing quantum photonics technology offerings, it is already feasible for the company to replace classical type computing with entropy quantum computing to strengthen key sources for any cryptographic task. Robert Liscouski, CEO of QCI, says that Quantum Photonic technology “can also be leveraged to provide Quantum Encryption + Quantum Authentication on the same platform and is a full solution to replace public-private key cryptography that is vulnerable to evolving quantum threats.”
About Us | Quantum Computing Inc.
Quantum Tech Needed To Secure Critical Data From Quantum Decryption (forbes.com)
CB Comments: Quantum computing is presently at the doorstep of civilization. Unprecedented processing speed and predictive analytics will be possible with quantum computing, enabling problem-solving. Quantum technology is expected to transform various fields, such as real-time analytics and cybersecurity. It does this by processing data inputs using the distinct characteristics of subatomic particles. Photonics, because of its stability and cost, is certainly one of the most prudent paths for cybersecurity. We will still be living in a time of quantum discoveries in 2024. On the other hand, there is no doubt that a new quantum era is approaching. Although we’re still in the early stages of quantum computing, it might happen sooner than we think. Computing paradigms as we know them will change in the future when artificial intelligence is combined with classical, biological, chemical, and quantum computing.
In today’s hyperconnected digital world, security operators need to be aware of everything that is happening on your system and have the ability to spot anomalies—like malware or misconfigurations—quickly to prevent breaches. All things considered, artificial intelligence (AI) technology can help protect against increasingly damaging and sophisticated malware, ransomware, and social engineering.
In 2023, there have been numerous high-profile data breaches, which is consistent with previous years’ increased quantity and sophistication of cyberthreats. All things considered, 2024 will bring with it a potent mixture of both old and new cyber-threats. For all those attempting to safeguard their data and maintain global stability, this year will be particularly difficult.