By Max Dorfman, research writer, Triple-I (2022-04-29)
Several recent reports quantify the growing risk and cost of cyberattacks in 2021.
Willis Towers Watson PLC, a multinational risk management, insurance brokerage and consulting firm, and the global law firm Clyde & Co surveyed directors and risk managers based in more than 40 countries around the world. They found that 65 percent consider cybercrime to be “the biggest risk” facing directors and officials. Data loss and cyber blackmail followed, with 63 percent and 59 percent, respectively.
In 2021, there were 623.3 million cyberattacks globally, with US cyberattacks increasing by 98 percent, according to cyber security company SonicWall. Almost every threat increased in 2021, especially ransomware, encrypted threats, Internet of Things (IoT) malware, and cryptojacking, where a criminal uses a victim’s computing power to generate cryptocurrency.
The frequency of ransomware attacks alone increased by 105 percent globally in 2021, says SonicWall, making them the most common type of cyberattack ever committed. The State of Ransomware 2022 report by Sophos, a security software and hardware company, found that 66 percent of the surveyed organizations were attacked by ransomware in 2021, an increase from 37 percent in 2020. Ransom payments also trended higher, with 11 percent of organizations stating that they paid ransoms of $1 million or more, up from 4 percent in 2020. In addition, 46 percent of organizations that had data encrypted in a ransomware attack paid the ransom.
The 2021 Software Supply Chain Security Report by Argon, an Aqua Security company, highlights key areas of criminal focus, including: “open source vulnerability and poisoning; code integrity issues; and leveraging software supply chain and vendor trust to deploy malicious software or backdoors.”
According to the Argon report, cybercriminals often use these methods to blackmail victims:
- Encryption: Victims pay to regain access to encrypted data and compromised computer systems that stop working because key files are encrypted.
- Data theft: Hackers release sensitive information if a ransom is not paid.
- Denial of Service (DoS): Ransomware gangs launch denial of service attacks that shut down a victim’s public websites.
- Harassment: Cybercriminals contact customers, business partners, employees and the media to tell them that the organization was hacked.
“The number of attacks over the past year and the widespread impact of a single attack highlight the enormous challenge facing application security teams,” said Eran Orzel, senior director at Argon.
Cyber insurance companies work to protect companies
Cyber insurance is still an important investment for many companies, especially as cyberattacks continue to wreak havoc in various industries. Investing in cyber insurance can help an organization recover from an attack, with cyber insurance companies often helping to recover data, repair damaged devices, protect a company from civil lawsuits, and remedy any reputational damage that occurs during an attack.
The first line of defense, however, is to create a robust cyber security system, train employees in how to identify a potential attack, encrypt company data and activate antivirus protection. With only half of companies reporting a consistent encryption strategy and the cost of data breaches continuing to rise, organizations need to do more to protect themselves and their customers.