Scary Cyber Stats

Last year, Forbes wrote a scary article about facts and patterns that applied to Halloween and Cybersecurity Awareness Month of October.[1] After another year, the online environment and digital dangers are still unsettling, if not scarier. So it is time again to explore some of the stats and trends.

“In 2023, the World Economic Forum, for the first time, ranked cybercrime and cybersecurity as one of the top ten global risks over a 2-year and 10-year period.  Legislation in the US and Europe is moving toward placing responsibility for cyber risks in a company on the senior management and the board.  The days when the administration claimed that a cyber incident was the responsibility of solely the Chief Information Security Officer (CISO), the head of IT, or the external provider will soon be over.

The number and scale of cyber threats are increasing exponentially. In today’s interconnected and technology-driven business world, the question is no longer if your organization will be affected by a cyber-attack but when. Factor in the current landscape of disruptive technologies such as AI, IoT, 5G, the metaverse, and quantum computing in the backdrop of trade wars, complex supply chains, partner ecosystems, hacktivism, and ransomware, and you get a frightening picture of the days ahead,” says the CEO of Recyber.

The proportion of businesses suffering cyberattacks has grown for the fourth straight year, reported Hiscox[2]. Over 87% of companies worldwide see cyber as the number one threat to their financial health and view it as more of a threat than an economic downturn and skill shortages, according to the latest Hiscox Cyber Readiness Report. The report’s findings included:

  • Over half (53%) of businesses suffered at least one cyber-attack over the last 12 months.
  • The impact of cyber risk cannot be underestimated, with one in five firms attacked (21%) saying it was enough to threaten the viability of the business.
  • The frequency of cyber-attacks is increasing for small businesses with 10 employees or less.
  • Business Email Compromise remains the hackers’ weapon of choice.

Cybercrime Expected to Skyrocket in Coming Years - The volume and velocity of attacks have increased, as have the costs incurred by victims, with the 2022 Official Cybercrimes Report from Cybersecurity Ventures estimating that the cost of cybercrime will jump from $3 trillion in 2015 to a projected $10.5 trillion in 2025. According to Statista’s Cybersecurity Outlook estimates, the global cost of cybercrime will surge in the next five years, rising from $8.44 trillion in 2022 to $23.84 trillion by 2027. Cyber Crime Magazine defines cybercrime as the “damage and destruction of data, stolen money, lost productivity, theft of intellectual property, robbery of personal and financial data, embezzlement, fraud, post-attack disruption to the ordinary course of business, forensic investigation.”[3]

A Moody’s survey of more than 1,700 rated debt issuers underscores the increased investments organizations are making in cybersecurity in response to regulatory requirements and increased cyber risk.  Cybersecurity spending levels increased 70% from 2019 to 2023, according to Moody’s 2023 cyber survey.  The share of technology funds allocated to cybersecurity is also growing.  Organizations said they devoted 8% of their technology budgets to cybersecurity in 2023, up from 5% in 2019, according to Moody’s 2023 cyber survey.  Source: Cyber investments on pace to reach $215B in 2024: Gartner | CIO Dive

These statistics do not lie. The expansion of connectivity of people and devices on the internet has greatly enlarged the attack surface for breaches. Also, the development of the Internet of Things has completely changed the dynamics and the size of the expanding cyber-attack surface. With an estimated 50 billion connected devices and trillions of sensors working among those devices, hackers have many options to breach cyber-defenses and exfiltrate data. At the same time, criminal hackers are automating more phishing attacks with artificial intelligence and reaching exponentially more businesses, agencies, and consumers. Unfortunately, despite the threats, not enough small, medium, and large companies have taken the cybersecurity imperative seriously enough. Until they do, the number of breaches and amounts paid in ransomware extortion will continue to rise. And, as connectivity expands, the threats become increasingly sophisticated. Cybersecurity investments will need to grow.

Malware and phishing dominate the 2023 cyber threat landscape. This report found that 45.3% of all threats involve malware (malicious software infecting a device), with phishing (deceptive emails or messages that trick users into giving private information) coming in at 43.6%. Phishing remains the most common attack, with the 2023 Comcast Business Cybersecurity Threat Report finding that nine out of 10 attempts to breach its customers' networks started with phishing. Source: Malware & Phishing Dominate the 2023 Cyber Threat Landscape | Cyber Magazine

Ransomware payouts and recovery costs went way up in 2023 - In a repeat of 2022, 66% of Sophos’s 2023 survey respondents claimed a ransomware attack had hit their organization. While that number remained steady, the average payout increased year to year, from $812,380 in 2022 to $1,542,333 in 2023. The proportion of organizations paying higher ransoms also increased since 2022, with 40% reporting payments of $1 million or more compared to just 11% last year.

Ransomware has only become more sophisticated and more widely available over time.  Cybercriminals can now subscribe to “Ransomware-as-a-Service” providers, which allow users to deploy pre-developed ransomware tools to execute attacks in exchange for a percentage of all successful ransom payments.  Source: Ransom payouts and recovery costs went way up in 2023 | SC Media (scmagazine.com)

'Record-breaking' DDoS attacks reported by tech firms - Tech firms Google, Amazon, Cloudflare, and Microsoft say they have stopped a series of "record-breaking" distributed-denial-of-service (DDoS) cyberattacks that occurred over the last few months and represent a new type of DDoS technique. Source: Big Tech firms reveal record-breaking DDoS attacks (siliconrepublic.com)

NetScout has ID’d almost 7.9 million DDoS attacks in the 1st half of 2023 - “While global events and the expansion of the 5G network have spurred an increase in DDoS attacks, adversaries continue to evolve their approach to be more dynamic by leveraging bespoke infrastructure such as bulletproof hosts or proxy networks to launch attacks,” said Richard Hummel, manager Senior Intelligent Threat Officer at NETSCOUT. “The life cycle of DDoS attack vectors reveals the persistence of adversaries to find and weaponize new attack methods, while DNS water torture and carpet-bombing attacks have become more prevalent.”

Phishing is the method of choice for many hackers. Again, phishing is the most common way to spread malware. Most people know that phishing is a technique hackers employ to spread malware or steal your sensitive information. Anybody can fall for a targeted phish, especially if it appears to come from a bank, business, or website you frequently visit. It can also masquerade as a private email from an individual at the top of the organizational hierarchy. Phishing software can be found online but usually arrives as an email attachment.

Advances in technology have rendered phishing more accessible to cybercriminals, which is scary. They have easy access to digital images, social engineering data, and a vast array of phishing tools, some of which are automated by machine learning. Hackers often combine spear-phishing, a technique they use to target executives at companies or organizations, with ransomware. Throughout its nearly two-decade history, ransomware has grown in popularity because it makes it simpler for hackers to make money. There are estimated to be more than 120 different types of ransomware, and hackers have become highly skilled at hiding malicious code. Hackers don't always need to utilize the newest and most sophisticated software to succeed. For a hacker, an attack is not too hard to carry out. Given how easy it is to conduct an internet attack, they usually rely on finding the most vulnerable target at the right moment.

Cybersecurity attacks can take many shapes and employ various technical strategies. There are always going to be breaches in the government and business sectors. Botnets are one type of exploitation that malicious hackers might utilize with disastrous and pervasive results. Botnet cyberattacks are not new; they have been around for nearly 20 years but are becoming more common and present serious risks. They are executed not just by organized criminal hacking gangs but also by state-sponsored intelligence agents. Thanks to machine learning and artificial intelligence developments, botnets can now easily automate and scale up cyberattacks quickly. Cybercriminals are also using increasingly popular Bot-as-a-Service offerings to outsource attacks.

Poor cybersecurity habits occur every day among younger employees, says Help Net Security. One in three employees believe their actions do not impact their organization’s security, according to Ivanti. The research also shows that Millennial and Gen Z office workers are more likely to have unsafe cybersecurity habits when compared to Gen X and older (those above 40 years of age). This is true of practicing password hygiene, clicking on phishing links, and sharing devices with family and friends:

  • 38% of office workers under 40 use the same passwords on multiple devices, compared to 28% of employees older than 40.
  • 34% of office workers under 40 shared work device(s) with family or friends, compared to 19% of employees older than 40.
  • 34% of office workers under 40 use a birthdate in their password, compared to 19% of office workers older than 40.
  • 13% of office workers under 40 clicked on a phishing link when targeted, compared to 8% of those older than 40.


The fact that younger generations are not following basic cyber-hygiene is disturbing and troubling. Cyber hygiene is a crucial component for any business or person. The fundamentals can be achieved with solid passwords, multifactor authentication, and knowing not to click on a scam. Human carelessness is the cause of the most successful virus infections. Maintaining good online hygiene might reduce a person's vulnerability to hackers. Another crucial piece of advice is to back up your vital data, ideally to a different device isolated from the targeted phone or computer. Investing in anti-phishing software is not a bad idea if you are an individual or small business; it raises another obstacle for attackers. Additionally, I advise closely monitoring your credit and social media accounts for any irregularities.

Hackers have long perceived insecure passwords as the quickest way to access valuable data. However, many people continue using simple passwords like #132456, #password, or their birthdays, which provide minimal obstacles for hackers to access their accounts. Since social media has made us all social creatures, hackers can employ social engineering techniques by looking through your social media accounts and picking out pet names, which are frequently used as passwords (I'll admit that I've done it too), or other identifiable items that might provide hints about passwords and interests. The fact that algorithms can "guess" passwords using marketing data and public social media sites is very concerning.

According to a Gartner report, 80% of enterprises will have incorporated AI by 2026. Think AI has a lot of hype now? It will accelerate in the next two years, especially in the enterprise.

Attackers use ChatGPT to refine malware, personalize phishing emails, and fine-tune algorithms to steal privileged access credentials. Oh, great!! International Data Corporation (IDC) says AI in the cybersecurity market is growing at a CAGR of 23.6% and will reach a market value of $46.3 billion in 2027. Many have anticipated artificial intelligence's arrival, and AI is becoming mainstream. Machine learning and natural language processing, which are already commonplace in our daily lives, contributed to the creation of AI. These days, AI is capable of comprehending, diagnosing, and resolving issues from organized and unstructured data, sometimes even without special programming.

This tech trend has ramifications for cybersecurity.  Simply put, artificial intelligence strengthens cybersecurity in our interconnected environment by acting as a catalyst and facilitator.

The United States passed the Quantum Computing Cybersecurity Preparedness Act in December 2022, codifying into law a measure to secure federal government systems and data against the quantum-enabled cyberattacks that many expect will happen as quantum computing matures.  The scary part of this law: will any cyber criminals care?  Probably not.

Quantum Tech Needed To Secure Critical Data From Quantum Decryption - One company called Quantum Computing Inc. (QCI) is ahead of the game and operates a full-stack quantum solutions company that is on a mission to accelerate the delivery of quantum information processing hardware systems with both performance and cybersecurity benefits. With their existing quantum photonics technology offerings, it is already feasible for the company to replace classical type computing with entropy quantum computing to strengthen key sources for any cryptographic task. The CEO of QCI says that Quantum Photonic technology “can also be leveraged to provide Quantum Encryption plus Quantum Authentication on the same platform, is a full solution to replace public-private key cryptography vulnerable to evolving quantum threats.” Source: Quantum Tech Needed to Secure Critical Data From Quantum Decryption (forbes.com)

Quantum computing is presently at the doorstep of civilization.  Unprecedented processing speed and predictive analytics will be possible with quantum computing, enabling problem-solving. Quantum technology is expected to transform various fields, such as real-time analytics and cybersecurity.  It does this by processing data inputs using the distinct characteristics of subatomic particles.  Because of its stability and cost, photonics is undoubtedly one of the most prudent paths for cybersecurity. We will still be living in a time of quantum discoveries in 2024.

On the other hand, there is no doubt that a new quantum era is approaching.  Although we're still in the early stages of quantum computing, it might happen sooner. Computing paradigms as we know them will change when artificial intelligence is combined with classical, biological, chemical, and quantum computing.

In today's hyperconnected digital world, security operators need to be aware of everything happening on your system and be able to spot anomalies, like malware or misconfiguration, quickly to prevent breaches.  Artificial intelligence (AI) technology can help protect against increasingly damaging and sophisticated malware, ransomware, and social engineering.  In 2023, there have been numerous high-profile data breaches, consistent with previous years' increased quantity and sophistication of cyber threats.  All things considered, 2024 will bring a potent mixture of old and new cyber threats.  This year will be particularly difficult for all those attempting to safeguard their data and maintain global stability.

This article by Forbes is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization and has reported extensively on AI technology.  For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com    

 

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5993554863383553632

 

[1] https://www.forbes.com/sites/chuckbrooks/2022/10/02/for-cybersecurity-awareness-month-and-halloween--some-scary-cyber-threat-stats/

[2] Hiscox research finds increased prevalence of cyber attacks on businesses for fourth consecutive year | Hiscox Group

[3] https://www.statista.com/study/140265/global-cybersecurity-outlook-2023/
