Cybercriminals are getting better at monetising their activities, yet 95 per cent of them could have been avoided.
On Tuesday (9 July), the Internet Society’s Online Trust Alliance (OTA), which identifies and promotes security and privacy best practices that build consumer confidence in the Internet, released its Cyber Incident & Breach Trends Report.
The report found the financial impact of ransomware rose by 60%, losses from business email compromise (BEC) doubled, and cryptojacking incidents more than tripled, despite the fact that overall breaches and exposed records were down in 2018. OTA estimates more than 2 million cyber incidents in 2018 resulted in over $45 billion in losses, with the actual numbers expected to be much higher as many cyber incidents are never reported.
“While it’s tempting to celebrate a decreasing number of breaches overall, the findings of our report are grim,” said Jeff Wilbur, technical director of the Internet Society’s Online Trust Alliance.
“The financial impact of cybercrime is up significantly and cyber criminals are becoming more skilled at profiting from their attacks. So, while there may be fewer data breaches, the number of cyber incidents and their financial impact is far greater than we’ve seen in the past,” he added.
In the report, OTA also noted a steep rise in cyber incidents like supply chain attacks, Business Email Compromise (BEC), and cryptojacking. Some attack types, such as ransomware, are not new but continue to be lucrative for criminals. Others, such as cryptojacking, show that criminals are shifting their focus to new targets.
Nonetheless, OTA deduced that most breaches could have been easily prevented, so much so that in 2018 alone, 95 per cent of all breaches could have been avoided through simple and common-sense approaches to improving security.
“Our report findings indicate that cybercriminals are using their infiltration ability to focus on new, more lucrative attacks,” noted Jeff Wilbur, before suggesting that “staying up-to-date on the latest security safeguards and best practices is crucial to preventing attacks in the future”.
For the full report with more details on the key findings including a list of ways to improve on cybersecurity for personal or business use, click here.