According to Gartner's 2021 CIO Agency Survey, total enterprise investment for global information security and risk management technology is expected to increase 12.4%, up a whopping $150.4 billion in 2021 alone. Cybersecurity is considered to be the largest contributor to this spending and a top priority for ~61% of the respondents.
According to a recent study, there were 1,767 publicly reported breaches and 18.8 billion records exposed in the first half of the year. Considering the extent of these attacks, companies are rapidly adopting cybersecurity as an integral part of their IT; making it invaluable for several reasons such as data protection, network security, breach aversion, threat of ransomware, and risk of litigation to name a few. It is also evident that daily operational checks have not been successful in extracting higher-risk vulnerabilities in the network or IT architecture. Giving reason to implementing appropriate tools and conducting audits to combat prospective cyber impacts.
The following are the five most threatening and trending forms of cyber attacks
1. Social engineering
Social engineering is the process in which threat actors manipulate recipients to perform actions or divulge confidential information. This can be done through phishing emails, texts, and even phone calls. These attacks are not limited to a class of people – with victims ranging from corporate executives to children. In 2020, a third of breaches used social engineering techniques. Of these, 90% were phishing attacks. A social engineering attack costs an average of $4.47 million, according to the 2021 Cost of a Data Breach report by the Ponemon Institute.
At the enterprise level, new employees are considered the most vulnerable to social engineering due to a lack of experience in addressing these threats. To avoid these cases, enterprises are recommended to implement "zero standard privileges.” This limits user access with specific rights granted for the stipulated timeframe required for a task to be completed. Enterprises are also implementing “least privilege,” which gives users only those privileges required for them to complete their tasks.
2. COVID-19 schemes
Some social engineering attacks take advantage of current events. The COVID-19 pandemic has paved the way to various dubious online schemes that play on COVID-19 rules, payments, help, fundraising, or monetary assistance. Given the high exposure of the pandemic and the sophistication of the threat actors, these methods are quite effective against the public. As of 2020, 12,377 COVID-related scams were reported. These malicious actors pose as representatives from the Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO) and attempt to deceive and trick recipients into clicking on malicious links or opening virus-infected attachments.
Since the beginning of the COVID-19 pandemic, the FBI has seen a fourfold increase in cybersecurity complaints. The global losses from cybercrime in 2020 exceeded $1 trillion.
One of the most common attacks of the modern era is ransomware. Ransomware is a type of malware that restricts the user and system administrators from accessing their files or network systems by encrypting them. Once infected, the cyber threat actors demand ransom (generally in Bitcoin) to decrypt the system for the user. Ransomware attacks reported a surge in the first half of 2021, registering itself at 304.7mn.
4. Supply Chain Attacks
A supply chain attack aims to disrupt the systems of an organization’s supply chain. It is based on the principle that key suppliers and vendors may be more vulnerable to an attack and thus impact the target organization. This is a threat that was witnessed and reported by the American IT software company SolarWinds in 2020 when the sophisticated malware impacted 18,000 customers, including some Fortune 500 companies and government agencies. This attack was focused on suppliers and was intended to threaten and exploit access nodes into larger organizations by breaching their security controls.
According to VMware, 50% of cyber-attacks are not only targeted at networks but also those connected via the supply chain. Another report by supply chain management software company Sonatype in 2020 claimed supply chain attacks on open-source software have surged by 430%. Supply chain attacks are expected to quadruple in 2021.
5. Third-party software
These are cyber security threats that exploit vulnerabilities in a third-party vendor’s application. The e-commerce industry, in particular, is associated and connected to several resources and third parties. In the U.S., it is estimated that the top 30 e-commerce retailers are connected to over 1,131 third-party resources and 23% of them have one critical vulnerability to cyber threats. In this case, even if one application in the ecosystem is compromised, the hackers get a gateway to all other domains, causing an average breach loss of $4.33 million, according to the 2021 Ponemon study.
The growth of digitalization has brought huge gains for companies. But the transformation required often exposes companies to cyber threats, which if not proactively dealt with, can cause huge losses – both financially and reputationally.
President Biden’s Executive Order signed in May will require stricter protocols, and the use of multi-factor authentication will evolve to the next levels. Furthermore, the Biden administration is looking to impose sanctions on digital payment systems used to pay cyber criminals. Changes on a national level are also happening since the havoc of cybersecurity attacks, globally. For example, China has begun to retrain its army in cybersecurity schools to become the world's cybersecurity leader by 2027. Meanwhile, top officials at the Department of Homeland Security have identified the lack of skilled security personnel in the United States as a national security problem.
It’s important to be aware and be safe now. CAI helps companies assess their current cyber maturity and design a plan for greater security.
CAI’s comprehensive cybersecurity lifecycle includes assessment, governance, planning, building, running, management, and administration. Click here to get a customized cybersecurity assessment according to your organization’s requirements.