The importance of cybersecurity is no secret in our increasingly digital world. Even individuals who have no experience or expertise in tech or related fields are aware of the threat of hacking, phishing, and the like. It can be difficult, however, to actually quantify the risks of being targeted by these attacks. Keeping track of the trends in cyberthreats, the different attackers and types of attacks and how they change over time can be a daunting task, but it is important to understand what to look out for and, perhaps more importantly, exactly how much is at stake in these attacks.
Recent Attack Trends
There are a vast number of cybercriminals out there looking to take advantage of tech users through a variety of means and for a wide range of nefarious ends. According to the Cybersecurity Insiders 2023 Zero Trust Security Report, 46% of survey respondents cited cyber attacks as one of the top challenges their organizations must overcome in order to secure access to all applications and resources. The 2022 Cyberthreat Defense Report from CyberEdge Group shows similar trends: 79.7% of US respondents indicated an expectation that their organizations would be compromised in the following 12 months; 87.6% were affected by a web or mobile app attack, while 81.6% were affected by ransomware in the previous 12 months.
US respondents also indicated that 50.1% of security applications and services were delivered via the cloud. This figure, combined with the fact that as many as 54 million workers in the USA need to work from home at least once a week, emphasizes the importance of cloud security for the protection of remote and hybrid employees and their organizations. 2022 saw a rise in cybercrime including supply chain attacks and disruptions, mobile device and API attacks, and attacks enabled by AI and machine learning, mirroring the growing popularity of these technologies outside of criminal circles.
Costs and Consequences
Earlier this year, three cybercriminals were prosecuted in a US federal court for an extensive scam that ran from February 2016 to July 2017. This one business email compromise (BEC) scam is said to have cost its victims more than six million USD, and the men behind it were not caught for several years. Since their initial scam was active, the frequency of cyberattacks and the overall costs have increased greatly. The US Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) estimated, based on a combination of reported attacks, law enforcement reports, and financial institution files, that BEC cost victims more than 43 billion USD between 2016 and 2021.
The IC3 2022 Internet Crime Report reveals more broad and recent figures. The number of complaints received annually has steadily gone up for the last five years, with the exception of a slight decrease in 2022, and annual losses have increased steadily as well. In 2018, the IC3 received around 350,000 complaints and a total loss of 2.7 billion USD, numbers that are certainly nothing to scoff at. However, they are dwarfed in comparison with last year: 2022 saw the IC3 receiving more than 800,000 complaints and victims losing 10.3 billion USD.
With organizations and individuals alike only becoming more dependent upon and integrated with their digital presence, there is near consensus among experts that cybercrime will only continue to increase in the coming years. Estimates from Statista’s Cybersecurity Outlook see the annual global cost of cybercrime rising to nearly 24 trillion USD by 2027, compared to 2022’s 8.4 trillion. The added risks that came with the COVID-19 pandemic—increases in remote and hybrid workers and increased dependence on cloud technology—have not disappeared, and cybercriminals continue to adapt and advance their tactics in an attempt to outpace cybersecurity professionals.
Additional developments in the tech world—such as the popularity of AI, the Internet of Things, and cryptocurrency—are also a breeding ground for cybercriminal activity. Bad actors rely on a combination of tried and true methods and innovative tactics to successfully launch an attack, whether it be an email phishing scam sent to individuals or a full ransomware attack on a large organization. Cybercriminals see that their attacks are successful and model future attacks on that, leading to a 15% annual growth rate in returns that is likely to spur more and more cybercrime.
While many of these statistics are jarring and do not bode well for cybersecurity professionals or organizations, it is not entirely hopeless. Using recent threat trends and projections for future developments alongside industry expertise, an organization or even an individual can build a security strategy to protect against these attacks. Knowing what types of attacks are most common and how to detect and identify them is half the battle; the rest comes down to security policies, measures, and solutions in place to protect as much as possible and prevent cybercriminals from successfully attacking.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire.