Are we taking cybersecurity seriously enough in 2018? That’s the question many businesses, governments, and especially internet security professionals are asking themselves this year. Cyber threats continue to be a large problem for everyone. From your average consumer to the largest governments in the world, anyone with an online presence these days has been affected by cyber threats from criminals looking to cause damage and mischief.
Every year, major cybersecurity research firms and security companies release reams of data on what the landscape looked like during the previous year or previous quarters. What they’re looking for are trends (both positive and negative) and new developments.
For example, Cisco reports that one study identified “burst attacks” as a hacker trend growing in complexity and frequency. According to Radware, an anti-DDoS security company, “burst attacks”, or “hit-and-run attacks”, are a type of Distributed Denial-of-Service (DDoS) attack where hackers send high volumes of throughput data to an organization’s servers for a few seconds at a time. These burst attacks can span hours or even days, and can completely overwhelm an organization’s servers, disrupting the ability to effectively deal with the situation due to the random and continued nature of the attack.
That’s only a snippet of the data released this year regarding the growing and ever-changing threat posed by cybercriminals.
Here are some of the latest cybersecurity statistics and facts from 2017-2018 that help highlight why everyone should be concerned.
The “Big Picture”? Cybercrime is still a big problem
Companies like Cisco, Symantec, PwC, and even the US federal government have all released reports on the state of cybercrime and cybersecurity readiness to deal with it. Their findings are pretty chilling for everyone, but especially for businesses and governments who are often the primary focus of coordinated cybersecurity threats. Consumers are still at risk, of course, but for most consumers, the biggest risk comes from attacks against the businesses and governments that house massive amounts of sensitive data on sometimes unprotected or poorly secured servers.
- Ransomware is the new, growing norm that most organizations need to defend against. However, the biggest threat now is ransomware using network-based attack vectors that completely remove the need for human interaction to install and deploy. (Source: Cisco)
- Cyber attacks are now happening at a “near constant rate”, according to a University of Maryland study. The study found the average is now one attack every 39 seconds. (Source: University of Maryland)
- The cyber threat has grown to the extent that the US government now requires all agencies to submit cybersecurity threat reports. President Donald Trump signed Executive Order 13800 into law on May 11, 2017, requiring all US federal agencies to submit their threat assessments. The first Cybersecurity Risk Determination and Report and Action Plan was released on May 18, 2018. (Source: US Federal Government)
- That same US Federal Government report revealed a troubling lack of security preparation across US agencies, including the fact that only 27 percent of agencies report having the ability to both detect and investigate attempts to access large volumes of data. As such, large data breaches of many US agencies could easily go undetected for long periods of time. (Source: US Federal Government)
- “Dwell time”, or the amount of time an attacker has undetected access to a system before complete removal, was higher in 2017 in most countries. In the Asia Pacific (APAC) region, the median dwell time was 417 days, compared to 172 days in 2016. In the Americas, median dwell time went down, from 99 days in 2016 to 75.5 days in 2017. (Source: FireEye)
FireEye 2018 report
- Globally, the median dwell time was far higher for attacks identified by external notification systems. This was especially the case in the EMEA (Europe, Middle East, and Africa) region, where median dwell times of attacks that were identified by sources outside of an organization were over 12 times as long as those discovered internally. (Source: FireEye)
- In the APAC region, the median dwell time for externally notified breaches was 1,088 days. (Source: FireEye)
- Globally, breaches discovered and notified by external sources lasted about 186 days, just over 3 times longer than those breaches discovered by internal processes and tools. (Source: FireEye)
- Median dwell time is slightly up year-over-year, but it is still far lower than in most previous years. In 2011, median dwell time was 416 days. In 2017, median dwell time was 101 days. (Source: FireEye)
- Although externally identified and notified attacks exist on a system for a longer period of time, the internal systems organizations have in place are getting better and are still more effective. Globally, organizations were able to detect 62 percent of breaches themselves. (Source: FireEye)
- Organizations targeted by attackers are often targeted again by the same or similar actors after recovering from an incident. According to FireEye, 49 percent of their customers who were attacked were successfully attacked again within a year, and 86 percent of the time, customers who had more than one significant attack also had more than one unique attacker. (Source: FireEye)
- Organizations in APAC countries were far more likely to experience multiple attacks by both repeat and unique attackers in a relatively short time. (Source: FireEye)
- In its data, FireEye found that “high-tech”, “telecommunications”, and “education” were the most targeted industries in 2017. (Source: FireEye)
Symantec 2018 report
- Mobile malware is on the rise. Symantec found mobile malware variants increased 54 percent in 2017 versus 2016. (Source: Symantec)
- “Cryptojacking”, in which cryptocurrency miners steal computer resources to mine currency, jumped over 8,500 percent in 2017. (Source: Symantec)
- Overall, coin-mining activities increased over 34,000 percent in 2017. (Source: Symantec)
- The average ransom from ransomware fell to $522 in 2017. Increasingly, more attackers are using ransomware as a means for disruption and as decoys for other nefarious deeds instead of just for money extraction. (Source: Symantec)
- There was a 92 percent increase in new downloader variants in 2017. (Source: Symantec)
- Macs were increasingly under attack in 2017, marking an 80 percent increase in Mac-targeted malware. (Source: Symantec)
- The percent of emails that were spam increased in 2017, with more than 55 percent of all emails being identified as spam. (Source: Symantec)
- There was a 46 percent increase in new ransomware variants in 2017. (Source: Symantec)
- Internet of Things (IoT) devices are more heavily targeted than ever, with a 600 percent increase in attacks on IoT devices in 2017. (Source: Symantec)
- China leads the way regarding attack origination. Around one-fifth of attacks originated in China. The second largest location for attack origination was the US, at 11 percent of all attacks. (Source: Symantec)
- A majority of apps that leak data tend to leak phone numbers. Nearly two-thirds (63 percent) of “leaky apps” leaked phone numbers, which may also be playing a part in the increase in phone spam calls many mobile users are experiencing. (Source: Symantec)
- The number of known targeted attack groups is growing. Symantec identified 140 targeted attack groups in 2017. (Source: Symantec)
- Most targeted attack groups focus solely on intelligence gathering against victims. The remainder engages in risky disruptive activities that tend to leave them more likely to be exposed and blocked. (Source: Symantec)
- Most targeted attacks in 2017 occurred against US organizations, with 303 known targeted attacks. India took second place with 133, followed by Japan (87) and Taiwan (89). (Source: Symantec)
- Supply chain attacks can be extremely effective when executed properly by attackers. In 2017, a system clean-up tool known as CCleaner was compromised by supply chain attackers who were able to insert and digitally sign a malicious version of the software in the company’s own development environment. The compromised update version was downloaded over 2 million times, mostly by US customers. (Source: Symantec)
- There was nearly an 88 percent increase in new malware variants in 2017 over 2016. (Source: Symantec)
- While hackers often favor businesses, coin-miners appear to favor consumers. By the end of 2017, consumers suffered twice as many coin-mining malware attacks. (Source: Symantec)
Wipro 2018 report
- Wipro estimates that 88 records were stolen every second in 2017, compared to 43 every second in 2016. (Source: Wipro)
- 2.7 billion records were stolen in 2017, twice as many as were stolen in 2016. (Source: Wipro)
- 60 percent of organizations listed phishing emails as the primary source for endpoint attacks. (Source: Wipro)
- Most record thefts occurred at the beginning of the year in 2017. The first quarter far outpaced the following three quarters for record theft. (Source: Wipro)
- The healthcare industry was the most targeted industry in 2017. Over 40 percent of data breaches were in healthcare, according to Wipro. In 2016, that number was 31 percent, reflecting an increased focus on healthcare organizations by hackers. (Source: Wipro)
- During all four quarters of 2017, trojans were the primary type of malware used to infect machines, comprising over 50 percent of all malware each quarter. (Source: Wipro)
- Code execution vulnerabilities in security software gained traction in 2017, jumping from 12 percent to 22 percent of detected vulnerabilities. (Source: Wipro)
- According to Wipro’s survey of organizations, 29 percent ranked “Privileged Access Management” as the most valuable data security control.
- Security Information and Event Management tools (SIEM) were the most popular among organizations for security event notifications. (Source: Wipro)
- A majority of organizations (68 percent) rely on SIEM vendors to provide threat intelligence. (Source: Wipro)
- More organizations are purchasing cybersecurity insurance, but the numbers are still high for those who are not purchasing such insurance. In 2017, 46 percent reported having no cybersecurity insurance, compared to 53 percent in 2016. (Source: Wipro)
Stroz Friedberg 2018 report
- According to its survey of organizations, Stroz Friedberg found just 24 percent of risk professionals reported that their organization had cybersecurity insurance in place (a notably different number than that reported by Wipro’s survey). (Source: Stroz Friedberg)
- A vast majority (87 percent) of risk management professionals listed cyber liability among their top 10 business risks. (Source: Stroz Friedberg)
- Organizations spent $86.4 billion on cybersecurity in 2017, a 7 percent increase over 2016. (Source: Stroz Friedberg)
- Small businesses are still getting targeted. In 2017, 55 percent of small businesses reported data breaches occurred within the past 12 months. Despite the threat, most still consider cyber threats a minor priority. (Source: Stroz Friedberg)
- Around 81 percent of attacks in 2017 were due to weak or stolen passwords, many of which could have been prevented by the use of multifactor authentication. (Source: Stroz Friedberg)
- Cracking cyber threats can be lucrative. Researchers were paid $70,000 for finding exploits in Apple’s iOS 11.1. (Source: Stroz Friedberg)
- The cost of ransomware attacks rose 400 percent between 2016 and 2017. Ransomware cost organizations $5 billion in 2017. (Source: Stroz Friedberg)
Comodo 2018 report
- Due to the increased visibility of Bitcoin, cryptocurrency miners opted for other cryptocurrencies to target in 2017. Most attackers turned to Monero mining instead, flooding the market with new malware variants designed to mine Monero and other non-Bitcoin currencies. (Source: Comodo)
- Hackers quickly figured out how to subvert the Coinhive service last year, inserting malware into sites across the globe to illegitimately mine cryptocurrencies from unsuspecting website visitors. (Source: Comodo)
- Cryptocurrency mining replaced ransomware as the number one type of attack on the web in 2017. (Source: Comodo)
- Unwanted applications were the most prominent malware triggers detected by Comodo throughout 2017. (Source: Comodo)
- Germany had a particularly high number of Trojans infecting networks in 2017. (Source: Comodo)
- According to Comodo, the UK was a “glowing orb of malware” last year. (Source: Comodo)
- Japanese networks experienced a highly unusual and very regular pattern of exploit malware in 2017, something Comodo believes that country’s security experts should investigate as soon as possible. (Source: Comodo)
PwC 2018 report
- 87 percent of surveyed CEOs report they are investing in cybersecurity as a way to build trust with customers and clients. (Source: PwC)
- 81 percent of organizations report implementing transparent policies on the usage and storage of customer data. (Source: PwC)
- CEOs in the Middle East are more likely to report investing in cybersecurity than in other regions. 62 percent of Middle East CEOs reported building trust with customers through cybersecurity investment, compared to those in North America (52 percent), Western Europe (47 percent), Asia Pacific (46 percent), Latin America (43 percent), Central and Eastern Europe (43 percent) and Africa (38 percent). (Source: PwC)
- Only 56 percent of businesses report having an information security strategy in place. (Source: PwC)
- Just 53 percent of businesses report that they require employees to be trained on privacy policies. (Source: PwC)
- Many businesses do not know the full extent of the personal data they hold. Just over half report having an accurate inventory of personal data. (Source: PwC)
- 48 percent of businesses believe advanced authentication methods, such as multifactor authentication, have helped reduce fraud. (Source: PwC)
- A majority of businesses (60 percent) are adopting biometrics as one of their chosen advanced authentication methods. Smartphone tokens were the least commonly adopted; 48 percent of businesses report using such options. Roughly half are now using multifactor authentication. (Source: PwC)
- Company boards are rarely involved in cybersecurity efforts and decision making. Less than one-third (31 percent) of surveyed businesses say their board participates in the review process of security and privacy risks. (Source: PwC)
- Even high-value companies have mostly uninvolved boards when it comes to cybersecurity and privacy concerns. 36 percent of such companies reported having boards that participate in reviews of such policies and risks. (Source: PwC)
- Major corporations are more likely to have an overall information security strategy. 71 percent report having such a strategy, with 69 percent requiring employees to be trained on privacy policies. (Source: PwC)
- Asian and North American companies are leading the way with data security policies. Companies in both regions are more likely to have overall security strategies, require employee training on security policies, have accurate inventories of their personal data, limit the data they collect and who can access it, audit the compliance of third parties who have access to data, and require all third parties to comply with internal data policies. Still, only around half of all companies in Asia and North America hold up to those standards. (Source: PwC)
- Most companies are implementing at least some approach to cross-border data flow. 38 percent are using Privacy Shield as their primary approach. (Source: PwC)
- Most companies waited until the last minute to address the EU’s GDPR, which requires companies to take more care in how they use and protect user data. The GDPR went into effect in 2018, yet only 32 percent report starting their GDPR assessments in 2017. Most companies waited until the last minute in 2018, or have yet to begin implementing GDPR at all.
Cybersecurity remains a major concern for everyone in 2018
Key trends surfaced across all of the major cybersecurity reports from 2017 and 2018.
Businesses are still slow to respond to cyber threats through better preparation, despite the increasing number of threats and their growing complexity. Most reports appear to indicate that businesses and governments remain the primary target for most cybersecurity threats, particularly given how much consumer data businesses and governments now hold. However, cryptocurrency mining is something consumers have to worry about far more often.
As for common attack vectors, it appears ransomware is still extremely common, but a growing number of bad actors are opting instead for coin-mining malware which can net them easy access to revenue streams with very little effort. It also appears ransomware is becoming a go-to tool for disruption instead of cybercriminal profiteering.
Companies will need to continue protecting their businesses against DDoS attacks, especially by attack groups who find unique ways to overload and disrupt networks. As always, cybercriminals are seeking to turn a profit as quickly and easily as possible. Meanwhile, more cybercriminal groups are popping up, many of which are backed by governments seeking to cause problems for political purposes.