While attack types do not appear to be changing in the coming year, experts see cybercriminals getting better at their craft, making it easier to separate you from your money and credentials.
We’d all like to think that with a new year comes the turning over of a new leaf – but cybercriminals have nothing but more of the same old tactics that work, but turning up the frequency and effectiveness to increase “revenues”. Two tried and true tactics are ransomware and phishing. Both have proven to be inexpensive, scalable, and profitable ways to rob innocent people and companies of their hard-earned money.
In 2019, it looks like it's going to get worse.
According to Cybersecurity Ventures’ 2019 Official Annual Cybercrime Report, we should expect to see Ransomware attacks step up in frequency and cost. In 2016, Kaspersky Labs estimated the frequency of ransomware attacks to occur once every 40 seconds. Cybersecurity Ventures predicts this will rise to once every 14 seconds in 2019. In addition, the total cost of ransomware attacks is rising as well. According to the report, the total cost of ransomware in 2018 is estimated to be $8 billion, and will rise in 2019 to over $11.5 billion.
Phishing is another lucrative attack vector that will continue into 2019. The expectation by industry experts is for phishing to take on more targeting, with specific messaging to match organizations and users. This increases the likelihood of successful attack. With the last estimate of global financial losses from phishing-based business email compromise at over $12 billion, the potential uptick in effective phishing campaigns only pushes that number higher in 2019.
In both attacks, users are the common link; it takes a user clicking on a malicious email attachment or web link, or replying to malware-less social engineering attacks. Organizations need to protect themselves by strengthening this weak link in your security. Through Security Awareness Training, users elevate their understanding of attack methods, and are able to spot suspicious email and web content, minimizing the likelihood of becoming a victim.