Scott Ikeda at CPO Magazine posted insights about a new report on cyber attack trends which combines information from a number of high-level sources. It reveals a startling amount of cyber crime growth. The report revealed that cyber crime became a $45 billion industry in 2018, up tens of billions of dollars from the previous year.
The report from the Internet Society’s Online Trust Alliance (OTA) identifies trends by using data from sources including the Federal Bureau of Investigation, Symantec, prominent cybercrime journal Cybersecurity Ventures, security consultant Risk Based Security, the Identity Theft Resource Center and the Internet Society’s own internal data to create as comprehensive a picture as possible of the annual cyber crime market.
The current Cyber Incident & Breach Trends Report reveals that although overall incidents of cyber crime are actually down across the board, the financial impact is way up. The $45 billion stolen in 2018 alone accounts for over a third of the entire cyber crime take since 2013.
What the cyber attack trends report tells us
The report highlights both positive and negative impacts in 2018. Many of the most common types of attacks – ransomware, data breaches, and DDoS – were actually down in terms of overall count in 2018. But the financial damage done by many attack types was up significantly. Ransomware losses rose by 60% in spite of the downturn in overall incidents, business email compromise losses rose by a staggering 200%, and there were three times as many cryptojacking incidents.
One thing that all of this data on cyber attack trends suggests is that criminals are shifting from large-scale, indiscriminate attempts on lots of individuals to more focused attacks directed specifically at businesses that have significant resources.
For example, businesses were targeted by ransomware 12% more frequently in 2018 and the losses to it shot up from about $2 billion to $8 billion in just one year. There was also a marked increase in ransomware attacks on government agencies. Business email compromise losses shot all the way from $677 million in 2017 to $12.5 billion in 2018. And exposed records were actually down by about five billion in total in the midst of all this, in spite of a number of huge breaches such as Marriott and the Indian national identity database.
Another attack area that gained ground in a big way in 2018 was the supply chain attack, which went up 78%. Symantec estimates that about 5,000 websites per month were hit with attacks, which mostly targeted their shopping cart systems.
95% of the attacks were determined to be preventable
Perhaps the most eye-catching number in the entire report is that 95% of these attacks were determined to be preventable. The 2019 global internet report incorporates a good deal of readiness advice aimed at dealing with the current cyber attack trends.
For supply chain attacks, OTA recommends a “zero trust” policy for any third parties (or their tools) that have access to the network. Access should always be limited to only the absolute necessities, and regular penetration testing can help to identify vulnerabilities before they can be exploited.
In terms of general readiness, the biggest thing the cyber attack trends study stresses is fostering a culture of collective responsibility that identifies and promotes security. Tested response plans are also critical for the various types of cyber incident breach trends, and both data management practices and employee training need to be regularly reviewed.
The upshot is that cyber crime is clearly lucrative and a major growth industry. The new reality of doing business online is keeping up with the criminals and securing against both established and emerging cyber attack trends. Continued at: