This year is shaping out to be another rough year for cybersecurity. Criminal groups and state-sponsored hackers from Russia and China have stepped up their game, targeting everyone from individual consumers to big corporations like Cisco, Nvidia and Samsung.
According to IBM, the average cost of a data breach has climbed from $3.86 million in 2020 to over $4.3 million this year, an increase of 12.7 percent. Healthcare data, cryptocurrency deposits, software source code and critical infrastructure are all fair game from cyber-attacks this year. With that in mind, here’s what you need to be on the look for.
Ransomware Attacks
In 2020-2021, ransomware dominated the cybersecurity discourse, impacting over 37 percent of all business organizations. Groups like Darkside, REvil, Conti and LockBit were behind some of the biggest ransomware attacks costing their victims tens of millions of dollars.
Thanks to increased awareness among firms, attacks have fallen by almost 23 percent overall in H1 2022. The month of June experienced the lowest number of attacks in the last two years. Still, organizations cannot afford to let their guard down – newer threats are being discovered with each passing day.
Phishing
While there was some positive news from ransomware attacks, there has been no such luck on the phishing front. Quarterly figures for phishing attacks exceeded 1 million for the first time in Q1 2022, according to the Anti-Phishing Working Group. Financial services were the most affected, with a 35 percent increase in attacks year on year, followed by crypto-businesses and healthcare sectors. Of considerable concern is the rise of credential theft targeting executives and employees of businesses and corporations.
The Cost Common Phishing Attack Vectors in 2022
IT systems suffer from multiple security vulnerabilities due to a combination of human error, software flaws and ignorance. Over the years, cybercriminals have developed multiple attack vectors in phishing to target these common vulnerabilities.
Recent data indicate that the following types of phishing attacks continue to dominate cybersecurity in 2022:
E-Mail Attachments
Attackers have used e-mails with .pdf and .html file extensions in over 30 percent of all phishing attacks this year. When unsuspecting user tries to open these files, they are prompted to visit a fake website and provide their login credentials. The attacker can then use these credentials to gain access to secure networks.
Credential Phishing
E-mails impersonating trusted service providers like banks and utility providers are also quite popular. Victims end up visiting a fake website, which usually resembles a popular domain like Google or Adobe. When you enter any login credentials on these sites, the attackers gain access to your systems and sensitive data.
Tax/Donation-Based Phishing
Fake IRS websites replete with W9 forms have also popped up in 2022. These attacks usually increase in severity as the deadline for the filing of returns looms large. Many taxpayers are in the last moment rush and fail to spot the impersonator. Unscrupulous criminal groups have exploited even the ongoing war in Ukraine for phishing, using fake websites to solicit donations.
Increasing Cybersecurity Implications for Individuals
Over 200 million individuals were affected by cyber-attacks and data breaches in 2021, as criminals gained access to confidential data stored in 22 billion records. Names and login credentials, Social Security information, healthcare data and insurance data are all highly prized among attackers these days.
All this is contributing to an alarming rise in the incidence of identity theft across the U.S. The numbers are up across the board since 2020, matching the rise in cybercrime with the COVID outbreak. According to identitytheft.org, there is an identity theft case happening once every 22 seconds, with total costs topping $5.8 billion in 2021.
With more than half of all Americans experiencing some form of identity theft since 2020, there is no room for complacency. As we spend more time online using email and social media, we are becoming more vulnerable than ever.
Since attackers can gain access to sensitive data from a wide range of sources, it is virtually impossible to prevent identity theft from happening at some point. But you can take steps to minimize the impact of a data breach. Innovative monitoring tools like LifeLock can make a difference.
Their identity theft protection services combine data from different sources to detect signs of potential identity theft — your credit activity, dark websites, unauthorized access, criminal activity involving your (stolen) identity and so on.
Be Prepared
From reimbursement of lost funds to identity restoration, several corrective measures are possible in the event of identity theft. Unlike in the past, you have more options at your disposal to deal with identity theft and cybercrime. The important thing is to be prepared.
