As we ride the wave and approachthe first working week, let’s take a look at some statistics that will help you stay up-to-date on recent cybersecurity trends
Without argument, 2021 was quite the roller-coaster. Nevertheless, we’ve entered a more hopeful new year, we have come up with a list of impactful cybersecurity statistics that should help you stay at the top of your security and privacy game over the next 12 months.
- 2021 saw the highest average cost of a data breach in 17 years. The cost rose from US$3.86 million to US$4.24 million on an annual basis.
- The COVID-19-powered shift to remote work had a direct impact on the costs of data breaches. The average cost of a data breach was US$1.07 million higher where remote work was a factor in causing the breach.
- The most common cause of data breaches was pilfered user credentials. As a commonly used attack vector, these were responsible for 20% of breaches, with these breaches causing the average cost of US$4.37 million.
- Midway through 2021, IT management software provider Kaseya had its systems compromised by the Sodinokibi ransomware, with the perpetrators asking for a US$70 million ransom – this was the largest ransomware fee demanded yet.
- Social engineering attacks are the gravest threat to public administration, accounting for 69% of all public administration breaches analyzed by Verizon in 2021.
- Shortly after Log4Shell, the critical vulnerability in the Log4j logging utility, was disclosed in December 2021, ESET detected and blocked hundreds of thousands of exploitation attempts, with most of them located in the United States and the United Kingdom.
- 2021 saw an incredible increase in the detection of Android banking malware. In T1 it rose by an incredible 158.7%, and T2 saw a continued growth of 49%. This should be considered a worrying trend since banking trojans have a direct impact on the financials of their targets.
- Four years on, WannaCryptor (also known as WannaCry) is still a global threat to be reckoned with. In T2, the infamous trojan that compromises machines vulnerable to the EternalBlue exploit topped the top ESET’s ransomware detections charts accounting for 21.3% of detections.
- Cryptocurrency investment scams remain as popular as ever. Between October 2020 and May 2021, victims were scammed out of more than US$80 million. The actual number is expected to be higher, since many people are ashamed to admit they have been duped.
- Cryptocurrency has been the preferred payment method for cybercriminals for a while now, especially when it comes to ransomware. As much as US$5.2 billion worth of outgoing Bitcoin transactions may be tied to ransomware payouts involving the top 10 most common ransomware variants.
- Early in 2021, the infamous Emotet botnet, one of the longest-lived and most pervasive malware threats, was disrupted in a large-scale global law enforcement operation. Some 700 command-and-control servers were taken offline during the bust (Europol)
- The Cybersecurity Workforce Estimate, which assesses the number of available cybersecurity professionals worldwide, estimated the pool of specialists in 2021 to be some 4.2 million. That is an increase of 700,000 compared to the previous year.
- The same study also concluded that for the second year running the cybersecurity workforce gap has decreased. In 2020 the number of additional cybersecurity specialists needed by organizations to defend their assets was 3.12 million. That number shrank to 2.72 million in 2021.
- To make up the shortfall of cybersecurity professionals needed to effectively defend the critical assets of organizations, the global cybersecurity workforce would have to grow by around 65%
- 82% of organizations have admitted to increasing their cybersecurity budgets over the past year, with these funds accounting for up to 15% of total IT spending.
- Recent years have seen threat actors move from just infesting systems with ransomware to double extortion where they also threaten to exfiltrate the data and release it to the public or sell it. Threats to leak the pilfered data have seen a sharp increase, going from 8.7% in 2020 to a whopping 81% in the second quarter of 2021.
- There has been a significant increase in the overall costs of remedying a ransomware attack. In 2020 the cost was US$761,106, in 2021 the overall cost of remediating a ransomware attack skyrocketed to US$1.85 million.
- The number of distributed denial-of-service (DDoS) attacks has also been on the upward trend, in part due to the COVID-19 pandemic. 2020 saw more than 10 million attacks occur, 1.6 million attacks more than the previous year.
- In 2020, the Federal Bureau of Investigation’s (FBI) Internet Crime Center (IC3) received a record-breaking 791,790 cybercrime complaints, with reported losses being responsible for some US$4.2 billion in losses.
- Business Email Compromise (BEC) scams remain the costliest cybercrime, with losses surpassing US$1.86 billion in 2020, according to the FBI’s latest available data. In comparison, the second-costliest scam – confidence/romance fraud – registered losses of “only” some US$600 million. (2020 Internet Crime Report)
- The elderly were disproportionally affected by cybercrime, as some 28% of total fraud losses were sustained by victims aged over 60. This accounts for approximately US$1 billion in losses to elderly victims. (IC3 2020 Elder Fraud Report)