“While it’s tempting to celebrate a decreasing number of breaches overall, the findings of our report are grim,” said Jeff Wilbur, technical director of the Internet Society’s Online Trust Alliance. “The financial impact of cybercrime is up significantly and cyber criminals are becoming more skilled at profiting from their attacks. So, while there may be fewer data breaches, the number of cyber incidents and their financial impact is far greater than we’ve seen in the past.”
In the report, OTA noted a steep rise in cyber incidents like supply chain attacks, Business Email Compromise (BEC) and cryptojacking. Some attack types, such as ransomware, are not new but continue to be lucrative for criminals. Others, such as cryptojacking, show that criminals are shifting their focus to new targets. Some of the top trends from the Cyber Incident & Breach Trends Report are listed below.
In conjunction with the increasing prevalence of cryptocurrency comes the rise of cryptojacking, which tripled in 2018. This is a specific type of attack aimed at hijacking devices to harness computer power at scale to efficiently mine cryptocurrency. OTA believes these incidents are increasingly attractive to criminals as they represent a direct path from infiltration to income, and are difficult to detect.
While the total number of ransomware attacks was down in 2018, the OTA report noted a troubling rise in reported ransomware attacks against state and local governments in 2018 and early 2019. Breaches targeting the cities of Baltimore and Atlanta led to the disruption of many government services and the rebuilding of entire network structures. Local governments are particularly vulnerable given that they often rely on outdated technology and are running old software and operating systems.
While also not new, 2018 brought a rash of sensitive data being left open to the Internet due to misconfigured cloud services. Given the number of businesses that rely on companies like Amazon, Google, and Microsoft for some or all of their cloud needs, it is increasingly important to ensure cloud storage is secure. The report noted that one common problem with cloud computing isn’t even a true “attack”, but user error. Configuring data storage correctly is the responsibility of the data’s owner, not of the cloud service and it’s often improperly done.
Most Breaches Preventable
As in past years, OTA found most breaches could have been easily prevented. It calculated that in 2018, 95 percent of all breaches could have been avoided through simple and common-sense approaches to improving security. The report provides a checklist.
“Our report findings indicate that cybercriminals are using their infiltration ability to focus on new, more lucrative attacks,” continued Wilbur. “Staying up-to-date on the latest security safeguards and best practices is crucial to preventing attacks in the future.”