On Tuesday July 9, 2019 the Internet Society’s Online Trust Alliance (OTA) released its 11th Cyber Incident & Breach Trends report, which provides an overview of cyber incidents – and offers steps organizations can take to prevent and mitigate the potential damage. This year’s report found a shifting landscape of cyber incidents. As the growth of some attack types levels off, others increase.
Adding
it all up, OTA estimates that there were more than 2 million cyber incidents in
2018, and it is likely that even this number significantly underestimates the
actual problem. OTA estimates an overall financial impact of at least $45 billion worldwide. The lead categories of attacks are
cryptojacking (1.3 million) and ransomware (500,000), followed by breaches
(60,000), supply chain (at least 60,000 infected websites), and Business Email
Compromise (20,000).
There are many organizations that
track data breaches overall. For example, Risk Based Security Reported the
highest number at 6,515 breaches and
5 billion exposed records, both down from 2017. These estimates vary depending
on their methodologies – see our full report
for all of the breach estimates and our methodology.
One well-established attack type, ransomware,
saw a decline in 2018. However, the
total dollar value of these attacks continues to grow. Another well-known
attack is Distributed Denial of Service (DDoS). Examples
of successful DDoS attacks in 2018 range from banking
(ABN AMRO) to education
(Infinite Campus) to email services (ProtonMail) to software services (GitHub).
Business
Email Compromise, where employees are deceived into sending funds to attackers
posing as employees of a firm, also grew. The FBI’s
2018 Internet Crime Report reported more
than 20,000 incidents in the U.S., resulting in nearly $1.3 billion in losses
(an increase from approximately 16,000 incidents and $677 million in losses in
2017).
New to this year’s report is cryptojacking, which saw a marked increase in 2018. Trend Micro detected more than 1.3 million instances of cryptojacking code in 2018, a greater than three-fold increase from 2017. Supply chain attacks, also new to the report, grew as well. Symantec’s Internet Security Threat Report reported a 78% growth in supply chain attacks.
Other
attack categories are based on the shifting infrastructure of the Internet.
Many businesses rely on cloud services for some or all of their operations and
as a result have become a target for attacks. One estimate by research firm Digital Shadows found that in 2018 there were 1.5 billion files exposed around
the world solely due to misconfigurations in cloud services.
IoT
devices are increasingly becoming tools to carry out various types of attacks,
from DDoS to cryptojacking. Kaspersky Labs reported that in the first half of 2018 they saw a
three-fold increase in the number of malware variations used to attack IoT
devices.
But
the report offers advice on how organizations can better prevent and mitigate
cyber incidents. Organizations can use the OTA IoT Trust Framework to help make the entire IoT ecosystem safer. They
can also follow the recommendations in the Cyber
Incident & Breach Trends report.
While
the landscape of cyber incidents is both vast and shifting – and may include
new attack types – the guidance offered in the report remains largely
unchanged. Organizations must remain vigilant and assume that at some point
they will have to deal with a cyber incident. Following the recommendations in
the Cyber
Incident & Breach Trends report
is a good first step.
The post Internet Society’s Online Trust Alliance 2018 Cyber Incidents & Breach Trends Report appeared first on Internet Society.