Ransomware impacts skyrocket 60 percent, cyber losses double in 2018
This week the Internet Society’s Online Trust Alliance released its annual Cyber Incident & Breach Trends Report, an analysis of the frequency and types of cyber-attacks that occurred over the past year. The report found that the impact of ransomware rose 60 percent, losses from business email compromise doubled and cryptojacking incidents more than tripled in 2018.
Overall, cybercriminals are finding new and smarter ways of monetizing their activities, with OTA estimating more than 2 million cyber incidents in 2018 resulted in over $45 billion in losses – with 95 percent of those attacks being preventable. Information Management spoke with Jeff Wilbur, OTA’s technical director, to better understand the growing trends in cybersecurity incidents.
Information Management: The OTA has just released its annual Cyber Incidents & Breach Trends Report. What are the key findings of the report this year?
Jeff Wilbur: This is the 11th year the report has been issued and we have seen a record number of cyber incidents – at least 2 million. For the first time, we also provided an estimate of the overall financial impact of cyber incidents, which totaled more than $45 billion.
The means of access remain relatively constant (email, weak credentials, insecure software), though we see increased use of “supply chain” attacks (infecting systems through third parties). The use of that access varies according to what’s most profitable, and in 2018 cryptojacking saw large growth, as did business email compromise. Though the number of events were down, breaches and ransomware were still rampant and had significant financial impact.
IM: How do those trends compare with previous studies from the OTA?
Wilbur: It is a challenge to accurately portray the number and type of incidents worldwide since there is no consolidating reporting, though in our general estimates the number of cyber incidents was much higher, mainly due to the inclusion of cryptojacking. We still believe this significantly underestimates the actual number since most are not reported.
What is very clear is that the attack landscape is constantly shifting, and organizations need to be aware of where they might be vulnerable. Last year’s trends were related to cloud computing, ransomware, proliferation of IoT, email-based attacks and regulatory changes.
Though these all still play a prominent role in the overall cyber incident landscape, the emerging trends we identified in this year’s report were cryptojacking, credential stuffing (use of the large database of compromised credentials to conduct brute force login attempts), and supply chain attacks, which have been present for a few years but are shifting and proliferating.
IM: Which trends from the new study most alarm you?
Wilbur: The most alarming trend is not a new trend at all – it’s the fact that the well-established rules for protecting against malicious access are not being followed. Year after year our analysis shows that more than 90 percent of data breaches are preventable – this year it was 95 percent.
Use strong passwords and multi-factor authentication, keep software updated, be careful with email, encrypt/hash and back up your data where ransomware can’t get to it – these basics would prevent a significant percentage of not just breaches, but all cyber incidents.
IM: How would you characterize the state of cyber security today in terms of clear and present dangers vs. cyber awareness and defenses?
Wilbur: The clear and present danger is that everyone should assume they will be attacked, and in fact are likely to have a cyber incident. Therefore, they need to put plans in place both to protect their systems and to know how to respond when a cyber incident occurs.
Though with today’s headlines it’s hard to imagine that organizations are not aware of cybersecurity risks, it seems that many are not setting up even basic defenses, likely due to resource constraints or the mistaken notion that they are not likely to be attacked. Our report outlines the steps all organizations should take to address cyber incidents.
IM: For those organizations that are most at risk, what do they typically do to cause their own vulnerabilities?
Wilbur: A quick glance at the breaches and cyber incidents referenced in the report reveals a number of areas where organizations can better protect themselves. These include use of strong credentials (unique passwords and multi-factor authentication), managing email risk through filtering and employee training, keeping software updated, tightly managing third-party vendors’ software and access and storing data securely.
While these represent basic protections all organizations should implement, those with highly valuable or sensitive data will need to take extra steps to properly secure their systems.
IM: For those organizations that are most secure, what are they doing right?
Implementation of best practices, as outlined in our Online Trust Audit, along with proactive, diligent attention to cybersecurity issues will help keep organizations from becoming a victim of cyber incidents. Though it’s impossible to protect against all possible attacks, following basic guidelines will cause most attackers to move on to easier targets.