Earlier this year, I wrote a FORBES article entitled "Alarming Cybersecurity Statistics: What You Need to Know for 2021" (forbes.com). It presented a variety of statistics on the growing threats to our digital well-being as businesses, governments and consumers. Against the backdrop of a series of high-profile cyber attacks such as SolarWinds and Colonial Pipeline, the article painted a bleak assessment of the state of the cyber threat ecosystem in the first half of 2021. Now we come to the second half of 2021. Just when we thought things couldn't get much worse from a cybersecurity stats standpoint, they did.
Americans seem to be waking up to the need for better cybersecurity
Let's start with a positive statistic: it looks like the majority in the US is finally waking up to cyber threats. Awareness is an important step! A Pearson Institute and Associated Press-NORC Center for Public Affairs Research survey shows that "about 9 out of 10 Americans are at least somewhat concerned about hacking involving their personal information, financial institutions, government agencies, or public services," and two-thirds say they are very or extremely concerned. One of the main reasons for the rise in cybercrime and security breaches is that most people simply see the problem as someone else's problem. Protecting our digital identities and data is everyone's problem, and it's global. Source: Cyber attacks hit the US hardest: Pearson/AP-NORC Survey (techxplore.com)
The number of data breaches in 2021 exceeded that of 2020
More bad news in 2021: according to the Identity Theft Resource Center (ITRC), the number of publicly disclosed data breaches so far this year has already surpassed the 2020 total, so 2021 is on track to be a record year. Eva Velasquez, president and CEO of the ITRC, said 2021 is just 238 breaches away from hitting the single-year record. "It is also interesting to note that the 1,111 data breaches from cyberattacks so far this year exceed the total number of data breaches from all causes in 2020." For me, the important thing is not the number but the quantity and quality of data extracted by hackers. They are becoming more systematic in their targeting. Source: 2021 security breach volume already exceeds 2020 total - Infosecurity Magazine (infosecurity-magazine.com)
Here are some useful reference articles on cyberattacks in 2021: Top 15 Cybersecurity Attacks of 2021 - Privacy. For an ongoing review of the status of cyberattacks: The Biggest Cyber Attacks of 2021 (So Far) - GEEKS
Ransomware here, there, everywhere and more!
Cybersecurity Ventures estimates that ransomware costs will reach $265 billion by 2031. Its analysis predicts that there will be a new attack every 2 seconds as ransomware criminals gradually refine their malware payloads and associated extortion activities. Source: It is estimated that the global damage costs caused by ransomware will exceed $265 billion by 2031 (cybersecurityventures.com)
The conclusions of a report by FinCEN clearly point to an increase in ransomware-related activity throughout 2021:
- Financial institutions filed 635 suspicious activity reports (SARs) related to suspected ransomware activity in the first half of 2021.
- The SARs flagged 458 suspicious transactions totaling $590 million.
- Numbers for the first half of 2021 exceed the $416 million reported for the full year of 2020, showing an increase in ransomware activity.
- The average value of reported ransomware transactions per month in 2021 was $102.3 million.
- Based on SAR data, FinCEN said it identified 68 different ransomware variants active in the first half of 2021.
- The most frequently reported variants in the first half of 2021 were REvil/Sodinokibi, Conti, DarkSide, Avaddon, and Phobos.
Financial trend analysis (fincen.gov)
The US Treasury said it linked $5.2 billion in Bitcoin transactions to ransomware payments.
The U.S. Department of the Treasury's Financial Crimes Enforcement Network, also known as FinCEN, announced today that it has identified approximately $5.2 billion in outgoing Bitcoin transactions that may be linked to ransomware payments.
According to a report by Palo Alto Networks' Unit 42 security consulting group, the average ransomware payment increased 82% to a record $570,000 in the first half of 2021 from $312,000 in 2020. Source: Lawsuits Against Ransomware Criminals Rise as Aggressive Tactics Pay Off | Fox Business
For more information on ransomware issues, see "edge ransomware; a new warning" from Chuck Brooks: "The current state of the cyber case is particularly alarming, as ransomware attacks not only increase in numbers, but also increase financial and reputational costs for companies and organizations." Source: edge ransomware; a new alert (forbes.com)
The supply chain, a weak link for hackers to exploit
A new study from cybersecurity company BlueVoyant shows that the supply chain is a magnet for cyber breaches: "A staggering 97% of organizations have been impacted by a cybersecurity breach in their supply chain, and 93% admitted to experiencing a direct cybersecurity breach due to vulnerabilities in their supply chain." Source: Cybersecurity breaches in the supply chain affect an alarming percentage of companies: Research | Fox Business
"Supply chain attacks in the US increased by 42% in the first quarter of 2021 and affected up to seven million people, according to the research. The Identity Theft Resource Center (ITRC) analysis of publicly disclosed data breaches in the first quarter found that 137 companies reported being affected by supply chain cyber-attacks on 27 different third-party vendors." Source: "Worrying" rise in cyber-attacks on supply chains - Supply Management (cips.org)
For more information on supply chain cyber issues, please visit: Chuck Brooks: Government focuses on securing cyber supply chain
"Supply chain issues are formally included in the federal government's security strategy. On May 15, 2019, the White House executive order to help secure the supply chain (public and commercial) poses an unreasonable risk of sabotage or subversion of the design, integrity, manufacture, production, distribution, installation, operations or maintenance of any information and communication technology or services in the United States."
"The means to address supply chain vulnerabilities is increased government-industry collaboration, highlighted in policy initiatives such as NIST and supply chain security working groups established by the executive branch. More specifically, it requires establishing a risk management process that identifies vulnerable systems (especially legacy ones) and gathers information about all elements of the supply chain."
Chuck Brooks: Government Focuses on Protecting Cyber Supply Chain - GovCon Wire
IoT as main target of data breaches
Cyber-physical (OT/IT) systems and the integration of millions of devices into our lives have created an IoT cybersecurity challenge for individuals, businesses and governments.
"Because IoT devices store, transmit and process so much vital data every day, they are the perfect target for cybercriminals. 5,200 Cyber Anguish every month." Source: Cyber Threats Surrounding IoT Devices in 2021 - Kratikal Blogs
Every IoT device presents an attack surface that can give hackers a way to access your data. A Comcast report found that the average household receives 104 threats a month. The most vulnerable devices include laptops, computers, smartphones and tablets, network cameras and storage devices, and video streaming devices, according to a new report. Source: Cybersecurity Report: Average household hit with 104 threats per month - TechRepublic
For a complete statistical overview of IoT, see "Internet of Things Statistics for 2021: Taking Things Apart". Source: 45 Fascinating IoT Statistics for 2021 | The state of the industry (dataprot.net)
Read my recent FORBES article, "Cybersecurity Threats: The Formidable Challenge of Securing the Internet of Things", to see some of the current and future IoT cybersecurity challenges. "Using a comprehensive risk management approach to understanding and mitigating IoT threats can go a long way in reducing security vulnerabilities in this regard. Improved cybersecurity readiness must be a priority for all stakeholders." Source: Cybersecurity Threats: The Daunting Challenge of Securing the Internet of Things (forbes.com)
Cyber risks and risk management
Cybersecurity is all about risk management. The list of cyber risks compiled by Fortinet below speaks volumes:
- IDC forecasts that by 2025 there will be 55.7 billion connected devices, 75% of which will be connected to the IoT. IDC also estimates that IoT devices will generate 73.1 zettabytes of data by 2025, up from just 18.3 zettabytes in 2019.
- Cisco data estimates that distributed denial-of-service (DDoS) attacks will grow to 15.4 million in 2023, more than double the 7.9 million in 2018.
- DDoS attacks became more common in 2020, with the NETSCOUT Threat Intelligence Report counting 4.83 million attacks in the first half of the year. This equates to 26,000 attacks per day and 18 per minute.
- More than four-fifths of data breaches in 2020 (86%) were economically motivated, according to Verizon's 2020 Data Breach Investigations Report (DBIR).
- Security threats to industrial control systems (ICS) and operational technology (OT) more than tripled in 2020, according to the annual review by Dragos Inc.
- A McKinsey perspective notes that 70% of security leaders believe their budget will shrink in 2021, limiting and reducing their spending on compliance, governance and risk tools.
- Businesses need to protect their networks, systems, and users from a number of major cybersecurity threats. For example, the Verizon 2020 DBIR found that 70% of security breaches were caused by outsiders, 45% involved hacking, 86% were financially motivated, 17% involved some form of malware, and 22% involved phishing or social engineering.
Key cybersecurity stats, facts, and figures for 2021 (fortinet.com)
My infographic below can be used as a guide in planning cyber risk management strategies. A successful cyber risk strategy requires a deeper assessment of situational awareness, information sharing, and especially resilience.
In 2021, cyber device connectivity has grown exponentially, as have cyber intrusions and threats from malware and hackers. The year is not over and more data has already been compromised than ever before. Hopefully the 2022 cyberattack statistics will be less prolific and less costly.
About the author:
Chuck Brooks, president of Brooks Consulting International and adjunct professor at Georgetown University, is a technology evangelist, business executive, public speaker, author, and government relations, business development and marketing executive. LinkedIn named Chuck one of the "Top 5 Tech People to Follow on LinkedIn". He was best ranked as one of the world's "Top 10 Cybersecurity and Technology Experts", "Top 50 Global Influencer in Risk, Compliance" by Thomson Reuters, "Best of the World in Security" by CISO Platform and by IFSEC as the "#2 global cybersecurity influencer". He was featured in Onalytica's "Who's Who in Cybersecurity" 2020 and 2021 as a top influencer on cybersecurity and risk management. He has also been recognized by CISO Platform as "Best in The World in Security", by Executive Mosaic as one of the "Top 5 Executives to Follow on Cybersecurity" and by Thinkers360 as a "Top Leader in Cybersecurity and Emerging Technologies". Chuck was named a "Top 50 Global Marketer" by Oncon in 2019 by his industry peers.
Chuck is also a cybersecurity researcher for The Network at The Washington Post, guest editor for Homeland Security Today, expert for Executive Mosaic/GovCon, and contributor to FORBES.
Follow Chuck on LinkedIn:
Chuck Brooks - Associate Professor - Georgetown University | LinkedIn
Follow Chuck on Twitter @ChuckDBrooks