The 2018 Cyber Incident & Breach Trends Report, released by the Online Trust Alliance (OTA), brings alarming data regarding cyber attacks. In 2018, the damage caused by cybercriminals totaled USD 45 billion. About 2 million security incidents have been reported. In short, the document presents interesting information about data breaches and ransomware, DDoS and Business Email Compromise (BEC) attacks, among other threats.
The OTA report is built on statistics, data and information from various cyber security companies and organizations, including FBI and Cybersecurity Ventures, for example. Now, let's take a look at key points from the document.
Main topics from the Cyber Incident & Breach Trends Report
The report points out that about 95% of breaches in the past year could have been prevented. This number is alarming because it indicates that people and businesses have not been as concerned about data and information security as they should. And we can't forget that, in the case of a business, a data breach can have devastating effects, such as compromising the company's brand and reputation.
According to the report, the damage provoked by ransomware attacks increased by around 60% in 2018. The financial impact is estimated at USD 8 billion. In 2017, ransomware attacks caused USD 5 billion in losses. Another interesting information says that the use of ransomware to target businesses rose by about 12% during this period. This is one more reason why companies should think carefully about the information they handle.
BEC (Business Email Compromise)
One of the points that deserves attention in the report concerns the Business Email Compromise (BEC) and Email Account Compromise (EAC) scams. Damages from this type of attack nearly doubled from 2017 to 2018, from over USD 600 million to over USD 1 billion. The number of reported incidents involving BEC and EAC also increased over the same period, from 16,000 cases to over 20,000 cases.
DDoS (Distributed Denial-of-Service attack)
Reading the report, it's clear that DDoS attacks are still widely used by hackers. In 2018, around 150,000 incidents involving DDoS attacks were reported. Nevertheless, that's a decrease of more than 10% compared to 2017.
“The challenge with DDoS is determining how many attacks are successful – there is no aggregated reporting and most organizations are reluctant to acknowledge their vulnerability. However, there are examples of successful attacks across a wide range of industries, ranging from banking (ABN AMRO) to education (Infinite Campus) to email services (ProtonMail) to software services (GitHub)”, says the report.
Cryptojacking or cryptocurrency mining
Another interesting point in the report is about cryptojacking, also known as cryptocurrency mining. This type of threat has grown from 400,000 cases in 2017 to 1.3 million cases in 2018. One of the hypotheses raised to justify this increase indicates that cryptojacking would be a more accurate type of scam, as it exposes the attackers less and has guaranteed financial return.
“Though on the surface such attacks may seem innocuous, there are real costs associated with extra energy use, sluggish performance (in which case computers might be upgraded unnecessarily, giving attackers even more resources to work with), and even failures of equipment due to heavy use”.
Would you like to take a look at the 2018 Cyber Incident & Breach Trends Report? Click here.