Businesses around the world are still in a critical and challenging season due to the global COVID-19 pandemic. To make things worse, cyberattacks surged during 2020/2021. Recent cyber attack statistics indicate that the total cost of cybercrime in 2020 was about 1 trillion dollars and that about 445 million cyber attacks occurred in the first half of 2020 alone. So there is a fair chance that your business will unknowingly fall victim to some sophisticated cyberattack this year.
A cyber attack is an offensive action launched by an individual or by one or more computers to disrupt, destroy, disable, or gain unauthorized control of information systems, computer networks, a workstation, or any computing device.
The Top Cybersecurity Threats of 2021
#1 Malware Attacks
Malware is malicious software that can harm or maliciously manipulate your computer and the data on it. Malware often enters your device either disguised as a harmless application or hidden in another file. Many types of malware exist today, known by names such as ransomware, credential stealers, keyloggers, cryptocurrency miners, trojans, etc.
- Malware spreading through employees with infected machines has risen to 74%, up from 61% in 2020.
- Ransomware and phishing will remain the primary risks in 2021.
- Global cybercrime costs are expected to grow by 15% per year reaching $6 trillion annually in 2021 and $10.5 trillion annually by 2025.
- Reason Labs reports 24,525,450 malware threats in July 2021 alone.
#2 Phishing Attacks
Phishing is a cybercrime engineered to gather personal or sensitive information using deceptive websites and emails.
- As per Google’s Transparency Report, over 2.1 million websites deemed to be phishing sites had been removed as of 17 January 2021. This is an increase of 27% compared to 19 January 2020.
- Verizon’s 2021 Data Breach Investigations Report identifies “phishing” as the top “action variety” (43%) seen among cybercrimes in the last year and notes that phishing causes 90% of data breaches.
- 5% of all emails are phishing emails.
#3 Ransomware Attacks
Ransomware is malware that locks you out of your computer or data, either by locking the computer or by encrypting its data, until you pay the criminal a ransom. Ransomware often finds its way into a device through phishing emails, Remote Desktop Protocol (RDP), and software vulnerabilities. If a victim refuses to pay the ransom, attackers may dump and sell critical data on the dark web and use the victim's system to launch further attacks against other environments.
- Average and median ransom payments in Q1 2021 were $220,298 (up by 43% from Q4 2020) and $78,398 (up by 59% from Q4 2020) respectively.
- Professional services (25%), healthcare (12%), and public sector (12%) industries have been hit with the most ransomware attacks in Q1 2021.
- 80% of organizations that paid a ransom experienced a second attack.
- Colonial Pipeline CEO admits to authorizing a $4.4 million ransomware payment, and JBS says it paid $11 million ransom.
- The average cost of recovery from ransomware in 2021 has ballooned to $1.85 million, more than double the 2020 figure ($761,106).
#4 DDoS Attacks
Hackers gain control of hundreds or thousands of computers, including IoT devices, to unleash DDoS attacks that flood target servers with so many requests that the servers overload and fail. Overloaded servers mean slow servers and delayed customer interactions. A 100-millisecond delay in load time has been estimated to hurt sales by up to 7%.
- DDoS attacks targeting public sector websites have increased by 491%, whereas for the consumer services industry, the rate is up by 684% in Q2 2021.
- The majority of DDoS attacks originate in China. Cloudflare reports that 7 out of 1000 HTTP requests from China are DDoS attack attempts.
- Most DDoS attempts are repeated, short-lived attacks. More than 90% of attacks in Q1 2021 did not last more than four hours.
Knowing the nature of the threats is the first step to stopping them before they cause harm.
Prevention Is Better than Cure, and the Same Goes for Cyber Attacks
Cybersecurity experts, in general, recommend the following strategies as the first line of defense for every business:
- Keep the systems and IT infrastructure in your business up to date.
- Monitor and patch security vulnerabilities.
- Monitor for phishing emails.
- Execute a regular data backup and recovery procedure.
- Provide security awareness training to all the staff.
- Invest in a cyber insurance plan.
- Ensure your business website is patched against internet security loopholes.
- Keep an action and recovery plan on hand for when an attack occurs.
The days of generic threats are over. Businesses in 2021 face high-end, sophisticated cyber attacks, and the ramifications of those attacks spread swiftly. Cybercriminals are no longer amateurs who exploit simple vulnerabilities, but criminal organizations that have evolved to launch complex attacks.
About Ashley Lukehart
Ashley has been writing about the impact of technology and IT security on businesses since starting Parachute in 2005. Her goal has always been to provide factual information and an experienced viewpoint so that business leaders are empowered to make the right IT decisions for their organizations. By offering both the upsides and downsides to every IT solution and consideration, expectations are managed and the transparency yields better results.