Trends in Cybersecurity Breaches
The complete blog was originally posted by Alert Logic on July 7, 2022.
Written by Antonio Sanchez.
You may be used to hearing that cyberattacks are becoming more widespread and destructive every year. Recent world events are underscoring the point. COVID-19 left a lasting mark on our working lives. Remote or hybrid work is now the norm, which means you’re much more likely to use the cloud for secure flexibility, tossing a wider net over remote devices at risk of a data breach.
Meanwhile, geopolitical tensions are simmering more ferociously. Russian hackers are a serious threat to public and private organizations in the West. China, for its part, engaged in “record levels” of cyberattacks throughout 2021. This gives some hacking groups extra reach and resources for large-scale data damage. IBM reports the price of breaches within the U.S. hit the highest average in 17 years.
Whether you’re keeping an eye on advanced phishing, DDoS attacks, malware infections, or preventable cracks in data compliance, there’s much to anticipate these days for your own cybersecurity.
Current Cybersecurity Trends
Some industries are larger targets for a cybersecurity breach, but the focus is narrowing on something that runs through commerce as a whole: the supply chain.
Gartner predicts that by 2025, 45% of organizations will have experienced an attack on their software supply chains. Why? Because there are many weak entry points – usually smaller, inexperienced companies that don’t have adequate protection. If a bad actor manages to infiltrate one system, grabbing countless pieces of consumer data, they can work their way through the chain and disrupt every organization linked to it.
The 2020 SolarWinds Orion debacle – in which hackers modified raw software code, compromising roughly 100 companies and a dozen government agencies – proved that digital management tools can be a powerful Trojan Horse. The attackers installed temporary update files within the software and imitated regular network traffic to cover their tracks. According to Cybersecurity Dive, “in the first nine months of 2021, the Orion breach cost SolarWinds $40 million.” This is expected to settle at $20 million annually as ‘security by design’ is developed.
Given the dependent nature of supply chains, we cannot ignore this new menace to software that seems safe.
Certain industries are in the spotlight for data breaches and ransomware demands:
- Healthcare: Packed with extremely sensitive information, healthcare databases are one of the top targets for malicious agents. The U.S. Department of Health & Human Services has revealed that 82 ransomware attacks harmed global healthcare provision from January to May 2021.
- Telecommunications: Telecom continues to be among the sectors worst hit by cybersecurity attacks. Ernst & Young’s annual risk report claims that operators saw attacks increase by 75% over 2021, with 47% saying “they’ve never been more concerned about their own ability to manage cyber threats.”
- Education: By September 2021, it emerged that educational institutions were hit by 5.8 million cyberattacks around the world – 63% of all ransomware attacks.
Cybersecurity stats show these industries and their supply chains are especially exposed. If you work within them, do not delay in having a full security audit to unmask the weak spots in your business model, user privileges, firewalls, encryption techniques, and remote management.
What other, more general trends guiding cybersecurity should you be aware of?
- Small businesses are very vulnerable: Small and medium-sized enterprises (SMEs) are at particular risk as hackers know they are most likely to have immature security measures in place, if any at all. According to insurance experts Advisor Smith, 42% of small businesses suffered a cyberattack last year.
- Quantum computing will change everything: We may still be years away from quantum computers entering the mainstream, but this technology is already fraught with cybersecurity risk and encryption challenges. Quantum secure distribution is under development to catch unauthorized observers as the qubits are translated.
- CISOs are becoming more independent: Typically, a CISO reports to their CIO, making cybersecurity subservient to IT concerns rather than an extension of them. But this is changing too. “A growing trend,” explains Alex Cunningham, a cyber expert, “is for the CISO to report to the chief executive officer, which makes a lot of sense given the CISO’s unique viewpoint across the entire enterprise.”
Read Part 2 of this blog, "The Standout Cybersecurity Stats You Need to Know," here.
Antonio Sanchez serves on the Product Marketing team at Alert Logic by HelpSystems. He has over 20 years of experience in the IT industry focusing on cyber security, information management, and disaster recovery solutions to help organizations of all sizes manage threats and improve their security posture. Antonio is a Certified Information Systems Security Professional (CISSP) and has held various leadership roles at Symantec, Forcepoint, and Dell.