While going digital has made life easier for businesses and consumers, the flip side is that the risk of cyber-attacks has also increased. Cases of cyber crimes related to flaws in microchips, crypto-jacking, and massive data breaches, are on the rise. Cyber criminals target everything from online stores and blogs to websites and mobile handsets, to gain access to sensitive information. Cybersecurity threats like SMS phishing, Internet of Things (IoT) based attacks, and ransomware have become common, and with most of the enterprise workload moving to the cloud, instances of malicious hacking are on the rise. Cyber attackers use illegal approaches, methods, and tools, either to gain unauthorised access to or disrupt devices, computers, applications, databases, and networks. These cyber-attacks have the potential to disrupt businesses, damage their reputation and affect the trust that consumers have in them.
2020 saw both new and continuing threats, as new trends developed in cyber threats. In this article, we look at the key cybersecurity statistics for the year 2020 and what cyber security threats defined it.
Cyberattacks are estimated to have cost businesses almost $6 trillion in damage and disruption in 2020, all around the world. To put things in perspective, that's half the annual GDP of China, or a third of the GDP of the USA!
Cybersecurity breaches have been on the rise over the years with no evidence of slowing. Since 2014, it has risen by 67%, and by 11% just from 2018 alone. Through these increasingly frequent attacks, over 4.1 billion records and pieces of user information were exposed in 2020 as a result of cybersecurity breaches, putting people's user accounts and in some cases even personal security at risk.
Research has revealed that approximately 71% of all security breaches were financially motivated, with 25% of all breaches motivated by espionage motives as well--sometimes by state actors, and other times by private entities. Of these damaging security breaches, over half (52%) involved hacking, while 28% involved malware. 33% of these breaches arose from phishing or social engineering (i.e. impersonating trustworthy people to get confidential information from someone).
The average time taken to close off a typical corporate cybersecurity breach was estimated at 11 months, with the time taken just to identify that a breach had occurred at all being an average of 7 whole months.
Given the serious damage these cyberattacks have caused in the past, and their increasing frequency and sophistication, it's important to look back and identify the most common threats that were used in 2020.
Cloud breaches or cloud jacking was the most prominent of all cyber security threats in 2020. As an increasing number of enterprises were storing sensitive data like their business data or employee details on the cloud, they faced new threats like misconfiguration, data breach, insecure interfaces, account hijacking, DDoS attacks, and insider threats. They became targets for hackers who are capable of taking control of and even modifying sensitive files and data stored on the cloud. Cyber attacks can be carried out through third-party libraries, from cross-site scripting and SQL injection. Attackers inject malicious code through third-party libraries and make sure that users will unknowingly download and execute the code.
IoT is any inter-networking of a device with internet connectivity for exchanging data. IoT enabled devices range from computer programs, hardware sensors, and smartwatches. Organisations implemented IoT applications and devices to remotely control and manage infrastructure, enhance customer service, and capture data among other things, and many incidents in 2020 involved hackers leveraging IoT weaknesses to gain access to the network and can also gain control of devices for use in botnets. Alternatively, they simply did so to obtain data such as footage from IoT cameras, for voyeurism and other nefarious purposes. Since most of the new IoT devices are still in their infancy, they lack the processing power for basic protection like encryption, making them vulnerable. It is also not easy to develop cyber security strategies that can keep up with advancements of IoT devices.
Phishing, the most common of cyber attacks, is basically the practice of sending fraudulent emails with malicious links or attachments, to trick victims into believing that the emails are from trusted sources. Phishing is high-reward, effective, and most importantly, requires minimal-investment, making it popular among cyber criminals who want to access sensitive data like credit card numbers and login information. To add on, phishing kits make it extremely easy for cyber criminals with little to no technical skill to deceive unsuspecting users. As per Experian’s 2020 Data Breach Industry Forecast, SMS phishing attempts from hackers target consumers in the guise of fundraising initiatives and through fraudulent messages. One such example is the Nigerian Prince scam, wherein crooks pretend to be foreign royalty and promise millions and all they ask for are your bank account details to transfer the sum.
Ransomware is a type of malware designed to extort money by blocking access to computer systems or files until the ransom is paid. Ransomware attacks have been a concern for businesses since the last couple of years. However, according to Cyber security Ventures, businesses fell victim to a ransomware attack every 11 seconds in 2020 as compared to every 14 seconds in 2019. With the help of simple and cheap ransomware, which is easily available on the dark web, attackers can extort a huge sum of money. There are three main paths through which ransomware can enter a system or device — social media phishing, exploit kits, and email phishing. Ransomware attacks have become increasingly sophisticated over the years as hackers are always in search of innovative ways in which they can create seemingly genuine messages that unsuspecting targets open without thinking.
Mobile malware is a malicious software designed to damage or gain unauthorised access to mobile devices such as smartphones and tablets. With more users moving to their smartphones from desktops and laptops, most of their business data is stored on their mobile devices. This gives hackers easy access to sensitive data, increasing the risk of a data breach. With increasing proliferation and use of mobile devices, especially given the pandemic-induced lockdowns of 2020 that left people entirely dependent on mobile communication to stay connected, this became an increasing threat over the course of the year.
Today, there are more devices than there are people, and that makes implementing cyber security measures a real challenge. Cyber criminals are constantly upgrading their strategies to damage or defraud organisations and institutions. Therefore, the multipronged security strategy and effective implementation are crucial. Organisations have to be proactive than reactive so that they can identify security events faster and minimise or prevent damage.
Relook at and upgrade your cyber security infrastructure with Adventus’ Cyber Security Solutions and Services to equip your organisation with the most effective solutions, tools, policies, services, processes, and practices. Adventus has the expertise to safeguard financial assets and intellectual properties and can offer solutions according to budgets and business needs.