The Internet Society’s Online Trust Alliance (OTA) released its Cyber Incident & Breach Trends Report for 2018 today, which found that cyber incidents cost $45 billion last year on a worldwide basis. The report also emphasized that 95 percent of those incidents could have been avoided.
In positive news, overall breaches and incidents of exposed records were down in 2018. However, the data also indicated that cybercriminals are strengthening their ability to monetize their activities. The report acknowledged that the total cost of cyber incidents is likely higher than the $45 billion it mentions in the report, because of how many incidents are never reported publicly.
“While it’s tempting to celebrate a decreasing number of breaches overall, the findings of our report are grim,” said Jeff Wilbur, technical director of OTA. “The financial impact of cybercrime is up significantly and cyber criminals are becoming more skilled at profiting from their attacks. So, while there may be fewer data breaches, the number of cyber incidents and their financial impact is far greater than we’ve seen in the past.”
The report identified a few top trends in cyberattacks in 2018:
- Deceptive Email: The report noted that Business Email Compromise (BEC) doubled in 2018 with a total of $1.3 billion in losses. It also said companies are warding off these attacks by improving how they indicate which emails originate within their network and which come from outside.
- Attacks via Third Parties: Supply chain attacks, which OTA describes as when “attackers infiltrate via third-party website content, vendors’ software or third-parties’ credentials,” continued to proliferate and morph. OTA estimates a 78 percent increase in this genre of attacks in 2018, with an average cost per attack of $1.1 million. The report also found that half of all cyberattacks involve supply chains.
- Governments Under Attack: The report found a rise in ransomware attacks against state and local governments, with many localities either forced to pay hefty ransoms or rebuild their networks after an attack. The report said that local governments are “particularly vulnerable” due to their reliance on outdated technology.
- Issues in the Cloud: OTA said that 2018 “brought a rash of sensitive data being left open to the Internet due to misconfigured cloud services.” Further, given companies’ dependence on third-party cloud services, “it is increasingly important to ensure cloud storage is secure,” the report said.
- Credential Stuffing Rises: Credential stuffing, a relatively new attack style, increased in 2018. The report noted that there are more than 2.2 billion breached credentials on the black market and given users’ reliance on identical logins and passwords across numerous services and apps, attackers are “harnessing ultra-fast computers and known username/password pairs or commonly used passwords to gain access directly to accounts across a wide range of industries.”