As the year winds to a close, it is important to reflect on the threat landscape in 2021. The reason why it’s so important to understand threats from the past year is because many will continue to evolve throughout 2022.
We have already seen threat actors efficiently evolve their tactics over the last year with ‘as a Service’ models, such as RaaS, giving lower skilled actors access to advanced kits. Furthermore, quick adoption of cloud security and other technologies over the pandemic has led to many organisations now finding themselves exposed. However, the concern around cyber security has increased within governments globally with many taking further action to counter the operations of cyber criminals and help businesses protect themselves by raising awareness of these challenges.
SUPPLY CHAIN ATTACK
More than 90% of firms across the globe have experienced breaches as a result of supply chain weaknesses. (BlueVoyant)
In 66% of supply chain attacks, suppliers did not know or failed to report that they were compromised. (ENISA)
63% of third-party code used in building cloud infrastructure contained insecure configurations. (Palo Alto Networks)
95% of organisations have security solutions in place to prevent/mitigate ransomware attacks. However, 63% have been a victim of a ransomware attack in the last year. (Ivanti)
Ransomware attacks still disproportionately affect small and medium sized businesses. In Q1 2021, 68% of companies had less than 1000 employees. (Coveware)
83% of ransomware attacks involved the threat to leak exfiltrated data. (Coveware)
80% of organisations who paid a ransom experienced another attack. With 46% of organisations believing the second attack was perpetrated by the same cybercriminals as the first. (CyberReason)
Only 8% of organisation that paid a ransom got all their data back. 29% couldn’t recover more than half the encrypted data. (Sophos)
There was a 53% increase in the number of organizations affected with WannaCry ransomware from January to March 2021. Two-thirds of companies still haven’t patched their systems to protect themselves from WannaCry. (Ivanti)
96% of phishing attacks arrive by email. (Tessian)
70% of the companies expect their business to be harmed by an email-borne attack. (Mimecast)
91% of successful data breaches started with a spear phishing attack. (KnowBe4)
While the Legal sector isn’t in the top three most targeted industries, nearly 80% of firms say they’ve been targeted by a phishing attack. (Tessian)
2,000,000 emails, which slipped past customers’ existing tools (like SEGs), were flagged as malicious between July 2020 and July 2021.
Only 51% of respondents always report when they receive a phishing email or click on a phishing email. (Tessian)
47% saw an increase in email spoofing activity. (Mimecast)
While supply chain, ransomware and phishing attacks have been the key trends this year, there have been other areas of concern that are also important to note:
50% of all businesses believe they have a technical cyber security skills gap. (Department for Digital, Culture, Media and Sport)
2 out of 3 executives would feel very or extremely responsible if a successful attack occurred. 60% said that it’s their job to protect the company, and 48% said it would be because they underestimated the risk of a ransomware attack. (Mimecast)
71% of IT and security professionals find patching to be overly complex and time-consuming. (Ivanti)
53% said that organizing and prioritizing vulnerabilities takes up most of their time. (Ivanti)
57% of IT professionals believe that the global transition towards a decentralized workspace has made patch management more complex to deal with. (Ivanti)
The average total cost of a data breach increased by nearly 10% year over year, the largest single year cost increase in the last seven years. (IBM)
Human error was involved in 85% of breaches. (Verizon)
54% of IT decision makers are worried remote workers will bring infected devices and malware into the office. (Tessian)
Threats related to Covid-19 have decreased 50% from the first half of 2020 to the first half of 2021. (Trend Micro)
1 in 3 employees think they can get away with riskier security behaviours when working remotely. (Tessian)
70% are concerned about the risks posed by archived conversations from collaboration tools. (Mimecast)
Throughout 2022, Data Connect will continue to protect and educate organisations, please click here if you are interested in receiving updates from us.