According to a new report by the Internet Society’s Online Trust Alliance (OTA), cyber attacks are increasing at an astonishing rate as cyber crime became a $45 billion industry in 2018 – up billions of dollars from 2017.
The lead categories of attacks are cryptojacking (1.3 million) and ransomware (500,000), followed by breaches (60,000), supply chain (at least 60,000 infected websites), and Business Email Compromise (20,000). Many of these numbers were actually down in terms of number of attacks, but the financial impact of fewer incidents were exponentially higher than previous years.
What this report also suggests is that criminals are moving from big, anonymous attempts on numerous individuals to more focused attacks directed at certain businesses. Case in point: businesses were targeted by ransomware 12% more frequently in 2018 and the losses as a result of ransomeware were up from about $2 billion to $8 billion – all in just one year. There was also an increase in ransomware attacks on government agencies, too. Business email compromise losses increased from $677 million in 2017 to $12.5 billion in 2018.
Cryptojacking surged by three times the 2017 amount, most likely driven by volatile Bitcoin activity earlier in the year. Cryptojacking is a very appealing choice for cyber criminals as it’s more low-key and low-risk than other popular attack types, and it only involves gaining access to a company website to insert a script in order to immediately begin generating income. Given the low cost and relative ease, cryptojacking is expected to remain popular among cyber attack trends as long as cryptocurrencies hold significant value.
Another attack area that gained ground in a big way in 2018 was the supply chain attack, which went up 78%.
The report actually describes its own findings as conservative, given that it’s difficult to accurately determine the cost of certain attacks (such as DDoS downtime or the web of associated losses due to a data breach). Companies also show great reluctance to self-report their incidents, so the two million total cyber attacks and the $45 billion in losses that this report settles on may actually be an underestimation of the current scope of cyber crime costs.
Perhaps the most eye-catching number in the entire report is that 95% of these attacks were considered preventable and could have been avoided with the right network security measures in place.
Are you doing enough to keep your business safe? Here at Zyxel, we can help with a deep suite if products and services to keep your business operating and safe from nefarious perpetrators. Click HERE to learn more.