2021 has been a banner year for cyber criminals, who have taken advantage of the COVID-19 pandemic and the increase in remote work, attacking both technical and social vulnerabilities.
This historic increase in cyber crime resulted in everything from financial fraud involving CARES Act stimulus funds and Paycheck Protection Program (PPP) loans to a spike in phishing schemes and bot traffic. Piled on top of that is a growing wave of ransomware and software supply chain attacks.
The most vital and current cyber security stats below show how threats have grown in scale and complexity over the past year-plus. While most of the research cited here was released within the past year, it does not necessarily reflect today’s risk environment. The data collectively suggest trends that are likely to continue into the near future.
Top cyber security threats and trends
A total of 5,258 confirmed data breaches occurred in 16 different industries and four world regions, according to the Verizon 2021 Data Breach Investigations Report (DBIR), which analysed data from 29,307 incidents. Of those breaches, 86 per cent were financially motivated. That’s a sharp rise from the 3,950 confirmed breaches (out of 32,002 incidents) from the 2020 DBIR.
Nearly half (49 per cent) of IT executives said their top security priority is the protection of sensitive data, according to the 2020 IDG Security Priorities Study, which surveyed 522 IT and security executives.
In 2020, the Internet Crime Complaint Center (IC3) received over 28,500 complaints related to COVID-19, according to the 2020 FBI Internet Crime Report.
IC3 saw a 69 per cent increase in complaints from 2019, receiving 791,790 complaints total, with losses exceeding $4.1 billion. According to IC3, the costliest attacks are business email compromise (BEC) schemes, with 19,369 total complaints and a loss of $1.8 billion.
By September 2020, the average ransom payment peaked at $233,817, according to the 2021 Webroot Brightcloud Threat Report. The report also found that 86 per cent of malware is unique to a single PC, and phishing spiked by 510 per cent from January to February 2020 alone.
Phishing statistics and trends
Phishing and other forms of social engineering, with criminals targeting human rather than technical vulnerabilities, remain a tried-and-true attack method. According to the FBI’s IC3, as of 2020 phishing is by far the most common attack performed by cybercriminals.
In 2020, the key drivers for phishing and fraud were COVID-19, remote work, and technology, said the 2021 State of Phishing & Online Fraud Report.
In 2020, 6.95 million new phishing and scam pages were created, with the highest monthly total reaching 206,310 new phishing and scam sites.
- Key themes used for scams include COVID, gift cards, and gaming hacks.
- The top three industries targeted in phishing attacks were technology, retail and finance.
- The top three countries where scams were hosted were the US, Russia and the British Virgin Isles.
- The top email service used for phishing kits was Gmail.
Not surprisingly, given the increase in phishing attacks, email security was ranked as the top IT security project of 2021, according to the Greathorn 2021 Email Security Benchmark Report.
Botnet statistics and trends
Cyber criminal groups use botnets -- automated collections of compromised, internet-connected devices -- to disrupt targets via distributed denial of service (DDoS) attacks or enhance the effectiveness of other activities. That includes sending large volumes of spam, stealing credentials at scale, or spying on people and organisations.
Botnets have been a problem for years, and the problem is getting worse. Many internet of things (IoT) devices have few or no security features, and organisations often fail to follow best practices to mitigate the risks of device compromise.
According to the 2021 Imperva Bad Bot Report, bad bot traffic amounted to 25.6 per cent of all website traffic in 2020, up 6.2 per cent from the previous year. What’s worse, advanced persistent bots (APBs) accounted for 57.1 per cent of bad bot traffic in 2020. That indicates cybercriminals are becoming more sophisticated in their use of botnets.
How criminals use botnets varies by industry. Below is a breakdown of the most common malicious botnet activity in the top five industries with the most bad-bot traffic:
- Telecom and ISPs (45.7 per cent): account takeover, competitive price scraping
- Computing and IT (41.1 per cent): account takeover, scraping
- Sports (33.7 per cent): data scraping of scores, betting odds
- News (33 per cent): custom content scraping, ad fraud, comment spam
- Business services (29.7 per cent): attacks on the API layer, data scraping, account takeover
Over 28 per cent of bots are self-reporting as mobile user agents, an increase of 12.9 per cent from the previous year. This coincides with a drop of over 11 per cent (from 79.4 per cent to 68 per cent) in bots self-reporting as either Chrome, Firefox, Safari, or Internet Explorer for the same period.
Cloud security statistics and trends
With so many employees now working remotely, either full time or in a hybrid environment, more business is also being done on cloud platforms, increasing the need for security policies and controls around cloud infrastructure.
This is evident in the Unit 42 Cloud Threat Report, which found that in the early days of the pandemic the share of employees working remotely grew from 20 per cent to 71 per cent. After the World Health Organization (WHO) declared COVID-19 a pandemic in March 2020, not only did remote work increase but organisations accelerated their cloud migration plans overall.
Using data pulled from a global array of sensors, cloud threat researchers found a correlation between the increased cloud spend due to COVID-19 and security incidents. Enterprises quickly scaled their cloud spend in the third quarter of 2020 with an increase of 28 per cent from the same quarter in 2019. In the second quarter of 2020, cloud security incidents:
- Increased by 188 per cent overall
- Grew by 402 per cent in retail
- Grew by 230 per cent in manufacturing
- Grew by 205 per cent in government
Open source and third-party risks
As businesses accelerate their digital transformations, the popularity of code reuse, which includes open-source libraries and frameworks, has expanded, with today’s typical application containing dozens to hundreds of libraries for core functionality.
The efficiencies of using libraries like these have in turn created another potential attack vector for cyber criminals. Today the average Java application has 50 open source vulnerabilities, said the Contrast Labs Open Source Security Report.
- The average application has 118 libraries, but only 38 per cent of those libraries are active
- The average library uses a version that is six years old and has 50 open-source vulnerabilities
- Java libraries in apps have a 16 per cent chance of having a critical or major vulnerability
- The odds of an app having a vulnerability in a Java library increase from seven per cent to 44 per cent when the library ages from one to four years
- 69 per cent of Java apps have a library with a high-risk licence
- 99 per cent of organisations have at least one high-risk Java licence.
Cyber fraud statistics and trends
The huge increase in traffic and volume across digital channels has led to an historic increase in cyber fraud, with criminals often using the volume to hide their activities. Experts estimate more than $1 trillion was lost globally to cybercrime in 2020. According to the Sift Q1 2021 Trust & Safety Index, in 2020 the pandemic increased online giving by 20.7 per cent. This increase in traffic provided cover to fraudsters who hid behind transaction surges:
- Ransomware attacks grew by over 40 per cent
- Email malware attacks were up by 600 per cent compared to 2019.
- Loyalty merchants saw fraud rates jump by 275 per cent compared to 2019.
The top three targets by vertical in 2020 were:
- Transportation (8.4 per cent attempted fraud rate)
- Crypto exchanges (4.6 per cent)
- Gaming/gambling (3.7 per cent)
DDoS attack statistics and trends
DDoS attacks are getting bolder and bigger. Akamai, the content delivery network (CDN) and cloud services company, reported mitigating some of the largest attacks ever seen, according to Akamai’s 2020 DDoS Retrospective. In 2021 it had already seen more attacks over 50 Gbps than in all of 2019. Akamai also reports the number of customers targeted was up 57 per cent year over year, with numbers increasing to record volume and diversity across regions and geographies.
Three of the six biggest volumetric DDoS attacks Akamai ever recorded occurred in March 2021, including the two largest known DDoS extortion attacks to date.
Ransomware statistics and trends
Ransomware is one of the top threats in cyber security: of 878 cyberattacks in 2020, 18 per cent were ransomware, according to the Identity Theft Resource Center. Organisations around the world are being held hostage by ransomware, with many paying up solely to avoid the cost and downtime of not paying the criminals. In short, cybercriminals are making and demanding more money than ever.
- The average ransom paid increased 171 per cent from 2019 to 2020 ($115,123 to $312,493), said the 2021 Unit 42 Ransomware Threat Report.
- The highest ransom paid doubled from 2019 to 2020 from $5 million to $10 million.
Defensive preparation and response statistics and trends
Planning and budgeting for security, already unpredictable, have become even more challenging with the advent of the pandemic. As threat actors have ramped up their efforts in the wake of the pandemic, 31 per cent of respondents believe their risk response efforts are under-funded, according to the 2020 CSO Security Priorities Study.
- 38 per cent said they will spend more on response planning
- 30 per cent will update and modernise business continuity plans
- 28 per cent were piloting zero-trust
- 40 per cent say zero-trust is on their radar or they are evaluating options
Cyber security hiring/staffing statistics and trends
With the increase in remote working and a reliance on technology tools and infrastructure, COVID-19 has shifted demand for certain roles, with an increased need for developers, as well as help desk and cyber security professionals, according to a study by Robert Half Technology.
This is critical since 74 per cent of workers say they want to work remotely more frequently following the pandemic, regardless of their business’s hybrid work plans.
IT managers (44 per cent) said they have shortened the hiring process as a direct result of COVID-19, in an effort to get in-demand skilled tech workers in the door before they are poached by other firms. For companies that cannot bring in qualified people from the outside, 42 per cent of companies plan to launch up-skilling initiatives, said a Korn Ferry study.
The top three hiring changes Korn Ferry found US companies making due to COVID-19 were:
- Conducted remote interviews and onboarding (54 per cent)
- Shortened the hiring process (42 per cent)
- Advertised fully remote jobs (42 per cent)
There is considerable debate on the internet about whether cyber security truly faces a shortage of qualified workers, or whether corporate hiring practices and preferences are creating that perception. Nevertheless, one widely cited stat is ISC2's finding that more than half (57 per cent) of organisations surveyed face increased risks due to staffing challenges.