The cost of ransom to organizations attacked jumped 60 percent last year, according to a new report released by OTA , which operates under the World Wide Web Association . , But the real number is probably higher, reaching an all-time high.
The report weighs various research reports, including those on security risk management, privacy protection, and Symantec and FBI reports, one of the main findings of which is that the cost of BEC (Business Email Compromise) Carried out in order to motivate employees in the organization using social engineering methods to perform actions in favor of the attacker – doubled. It also shows that the extent of the exploitation of the computers of the victims without their knowledge in favor of the mining of Cryptojacking coins tripled. This type of attack is increasingly appealing to criminals, they explained, because it is a direct route to income and difficult to identify.
The OTA presents these conclusions despite the fact that the total number of breaches and records exposed with secret or private data declined in 2018. According to the report, “Cyber criminals are improving their profits from their activities. More than two million cyber incidents last year caused a $ 45 billion damage. But the actual numbers are expected to be much higher than ever. ”
“While it’s tempting to celebrate the fact that the number of burglaries and breaches fell last year, our report’s findings are grim,” said Jeff Wilbur , technical director of the Alliance, “The financial impact of cyber crime has increased significantly. Cyber criminals become more skilled and more profitable than their attacks. Therefore, while there are fewer loopholes – the number of cyber events and their financial damage is much greater than we have seen in the past. The types of cyber attacks are not new, but continue to be worthwhile for the criminals. ”
[ Might Interest You – Windows must have software – 2019 ]
[ Might Interest You – Most secure VPN software ]
[ Might Interest You – Best Anti malware software ]
A 78% surge in third
According to the OTA report, a 78% jump in third-party attacks occurred last year, with two-thirds of the organizations experiencing an attack at an average cost of $ 1.1 million, accounting for half of all cyber attacks in the supply chain.
It also emerges that although BEC is a known attack vector, the number of such attacks doubled in 2018 and caused organizations losses totaling $ 1.3 billion. Attacks by third parties, such as Not Petya in 2017, have also increased in the past year. The most notable third-party attack in 2018 was Magecart, which touched on payment forms in more than 6,400 E-Commerce sites.
Attacks have been broken against governments
While the total number of attacks has decreased in the past year, the report says there has been a “disturbing increase” in attacks against local and national government organizations around the world, citing the attacks in Baltimore and Atlanta that “led to the disruption of many government services And to rebuild the IT systems of these municipalities. ”
The OTA notes that “local government organizations are particularly vulnerable, as they often rely on obsolete technologies.”
95% of the attacks could be prevented in a simple way
According to the report, there was a “rash” of exposure of sensitive data due to misconfigured cloud services, noting that considering the scale of the organizations that upload their data and services to Amazon , Google and Microsoft , “is more important And ensure that cloud storage is secure. ”
The authors commented that “one of the common problems in cloud computing is not even a real ‘attack’ – it’s a user error.” It seems that, as in recent years, OTA people have found that most cyber events could have been prevented – and easily. Their calculation showed that 95% of events could have been avoided by simple approaches to improving security.
“Our findings indicate that cyber criminals use their penetration capabilities to focus on new, more profitable attacks,” Wilbur said. Organizations need to be up-to-date with the latest security measures and to prevent future cyber events. Best practices can do this. “