NetworkTigers looks at their predictions in cybersecurity made in 2021 and reflects on whether they came true.
A year ago, NetworkTigers compiled noteworthy statistics and predictions regarding cybersecurity trends for 2021.
Now that we are approaching the middle of 2022, have these predictions come true? What were the biggest cyber threats of 2021? Is the United States, and the world at large, better equipped to defend against cyberattacks today than a year ago? Is cybersecurity in 2022 looking more robust?
Cybercrime cost the world over $6 trillion in 2021
It was believed that cybercrime would cost the world $6 trillion by the end of 2021 and, according to security and aerospace firm Leonardo, this prediction has come true with the global cost of cybercrime actually exceeding that amount.
The average cost of a data breach increased by 10% in 2021, moving the needle from $3.86 million to $4.24 million. Some of this cost increase has been attributed to a slower response time with regard to breach containment due to remote workforces.
Ransomware grew exponentially 2021
Ransomware was predicted to experience incredible growth in 2021, and data shows that this has indeed occurred.
- Ransomware attacks increased globally by a whopping 48% in 2021. The UK experienced a 233% increase in attacks and the US saw attacks grow by 127%.
- Ransomware has been generating major headline news, making it a buzzword even for those with only a rudimentary understanding of cybersecurity.
- The frequency of attacks, the sophistication of those who perpetrate them, cryptocurrency and remote workforces have all contributed to ransomware’s unprecedented expansion over the last year.
- According to security hardware manufacturer SonicWall, almost 500 million ransomware attacks took place through September of 2021 with 1,748 attacks launched per organization.
- Statistically, this is comparable to a company or organization finding itself at the receiving end of an attack almost 10 times per day.
- Due to its lucrative nature, ransomware has become the favored attack strategy for organized criminals looking to cash in on desperate victims.
- Ransomware attacks also tended to be more expensive than other types of data breaches, with the average cost at $4.62 million.
Ransomware, and cybercrime in 2022 in general, is expected to maintain its trajectory of growth with more providers continuing to appear due to the lucrative nature of online extortion.
The biggest cyber threat for individuals in 2021: phishing attacks
Phishing scams continue to be easy, popular and effective ways for cybercriminals to trick victims into handing them the keys to their personal information or network and therefore made up more than 80% of all reported cybercrimes in 2021.
While phishing may seem like an old-fashioned manner in which to scam people, it prevails due to its effectiveness, ease of implementation and criminals’ ability to mimic trusted sources better than ever before.
The days of easy to spot spam begging users to hand over financial credentials to disgraced foreign royalty or assist a wealthy individual with a bank transfer have all but disappeared, with today’s phishing scams often looking identical to official emails one might receive from PayPal, potential employers or other reputable outlets.
Human error is a major contributing factor when considering data breaches and 90% of all major attacks start with a successful phishing attempt.
The most common cyber threat for businesses in 2021: BEC attacks
Ransomware might grab the headlines and dominate the conversation, but according to data from the FBI it’s actually business email compromise (BEC) attacks that ended up costing companies the most money in 2021.
Also referred to as “spear phishing,” BEC attacks are phishing attempts that are designed to specifically target an individual or organization by mimicking the look and language of a message that would have originated from a coworker, manager or trusted third party.
Often imbued with a sense of urgency, these types of attacks typically see hackers asking their victim for credentials that will allow them access to a company’s network and data.
Because criminals have become adept at creating messages that appear legitimate, often studying a company’s messaging or protocols in order to craft their scam, BEC attacks can be cripplingly effective.
These types of attack are expected to plague cybersecurity in 2022, as identifying them largely depends on an individual’s ability to determine whether or not the messages they are receiving are legitimate.
How is cybersecurity in 2022 looking so far?
Cybersecurity, due to the very nature of cybercrime itself, is always a moving target.
As the world has become saturated with cyberattacks, data breaches and ransomware, world governments and agencies have been hard at work developing new ways to stay ahead of the hackers.
However, cybercrime is still predicted to grow, with experts expecting that by the year 2025 it will cost the world around $10.5 trillion annually.
Remote workforces continue to challenge cybersecurity in 2022
For many organizations, remote workforces have become the standard as opposed to the minority. As employees have become used to skipping the morning commute and performing tasks from home, many business owners have also enjoyed not having to rent expensive office space.
However, the security problems that remote employees encounter continue to pose challenging obstacles. Shadow IT and issues related to the Internet of Things (IoT) create holes in security protocols and controlling data access and safety among employees working from home offices and coffee shops can be nearly impossible.
Cloud computing provides organizations with easy, convenient ways to share data and communicate across the world, but also creates its own unique security issues.
Cybersecurity awareness has increased
While the abundance of cyberattacks and data leaks may have a numbing effect on the general public, one of the most important tools any individual or organization has with regard to cybersecurity is an awareness of what threats exist and how to potentially identify them.
Thanks to large scale attacks, major data breaches, huge ransomware payouts and Russia’s cyberwar in Ukraine, cybercrime has become a term that’s been impossible to avoid.
Organizations have been bolstering their cybersecurity in 2022 by enacting zero-trust protocols and educating employees on how to avoid becoming a victim.
It will be critical moving forward for companies to continue to educate their staff while avoiding fatigue with regard to the barrage of relentless news regarding seemingly unavoidable data breaches and leaks.
New threats appear and old exploits remain
The discovery of the tremendous Log4Shell exploit in the last weeks of 2021 provided a great example of how a vulnerability can come seemingly out of nowhere and wreak havoc across a wide spectrum of users, organizations and businesses.
Log4Shell’s continued exploitation at the hands of hackers all over the world in spite of updates that have closed the security gap also illustrates how yesterday’s threats can still pose problems today if people don’t keep up with security updates and patches.
New hacks and exploits will continue to rear their heads in 2022, while the vulnerabilities and bugs of previous years will also cause headaches and security issues in organizations of all sizes.
Organized criminals are still agile and hard to track down
While the adoption and usage of cryptocurrency has not proven to be as untraceable as many hackers had hoped, it still allows criminals the ability to make their identification a challenge.
Additionally, some of the most notorious hacker and ransomware gangs operate under the protection of governments that are more than happy to allow them to create chaos among political rivals and opposing nations. These enterprises operate with impunity and often work hand in hand with their country’s government in order to carry out state-sanctioned attacks and espionage.
This year’s debut of Lapsus$ and the high profile victims the new group was able to brazenly infiltrate serves as yet another example of how threats can materialize quickly and those responsible can operate effectively from anywhere in the world.
Authorities have gotten serious about cybersecurity in 2022 and the toll it takes both politically and economically.
However, with criminals continually shuffling between rebranded gangs and the temptation of financial reward, hackers are still taking the risk and engaging in data theft and extortion efforts even as they see their peers arrested and their favorite dark web marketplaces dismantled by federal authorities the world over.
Thus far, 2022 appears to be following in 2021’s footsteps as authorities and criminals alike become more savvy and well organized when it comes to attempting to achieve their goals.
Sources
- Global cost of cybercrime topped $6 trillion in 2021: defence firm 10 May 2022, Tech Xplore
- 10 Cyber Security Trends You Can’t Ignore In 2021 by Jason Firch, 29 April 2022, PurpleSec
- Cybercrime Cost US $6.9 Billion in 2021 by Chris Brook, 23 March 2022, Digital Guardian
- 2022 Must-Know Cyber Attack Statistics and Trends by Embroker Team, 29 April 2022, Embroker
- Cyberattacks 2021: Phishing, Ransomware & Data Breach Statistics From the Last Year 28 Jan 2022, Spanning
- 2021 INTERNET CRIME REPORT
- Unlucky #7: FBI Data Shows BEC Is the Top Cyber Threat for Seventh Year in a Row by Crane Hassold, 24 March 2022, Abnormal