In September, the first evaluation data began to emerge on what the first half of the year has yielded in terms of the issue of cyber security. The results do not seem to be too reassuring and one can see how they coincide in pointing to a boom in the number of incidents that seems to have no end.
The number of cyber incidents related to Covid-19 increased fivefold in the first two weeks of March in both Europe and the United States. This shows how cyber-criminals from the outset found a significant source of use for this problem. As far as the months of May and June are concerned, around 60% of the emails that users received had a fraudulent purpose, including phishing or malware campaigns, generally with the Covid-19 as a hook.
In addition, approximately 40% of emails sent today that are related to the Covid-19 are spam or seek to obtain confidential information from users.
Ransomware remains the main threat
In the first part of this 2020, the threat that has experienced the most growth has been Ransomware, followed by complaints about Exploits that have also increased, and banking Trojan campaigns that have multiplied by 7 compared to the first part of 2019.
In addition, 41% of cyber insurance claims made by SMEs in the United States and Canada during the first half of the year were directly related to data kidnapping, leading to a 47% increase in the amounts demanded by cyber criminals to release information, rising from $230,000 in the first quarter to $338,000 in the second quarter of this year.
On the other hand, there has also been a change in the operations of cybercriminals who, when using ransomware, first steal the data before encrypting it. The aim is to threaten to make the information public unless the amount required for the ransom is paid.
At a sectoral level, ransomware has an equal impact on all types of industries and it is also worth noting that many of these attacks have been linked to Covid-19, in large part caused by basic security failures, related to the use of authentication systems, passwords or email security protocols, etc.
Worrying growth during the summer
The increase in cyber-attacks during the summer period is of considerable concern to experts, as more and more organisations of all sizes are rendered completely inoperable by a ransomware attack.
At the same time, consumers are becoming increasingly lax about cyber attacks. There has been a significant decrease in the level of tolerance by consumers towards those companies they work with and which may have suffered a cyber attack, even wanting to change companies if they suffer some kind of cyber attack.
Other major threats
Although ransomware attacks are the most common and fastest growing threat, they are not the only threat that companies need to watch out for. 2020 comes with a whole new level of threats to cyber security that businesses need to be aware of:
- Credential stuffing: Credential stuffing attacks involve the theft of credentials that are used to log into systems. Cybercriminals, by using a database in which they have user accounts with the name and password, and the use of botnets, automatically log in until they find the correct credentials to access. These attacks have increased in recent years and have become a major problem, especially for financial organisations.
- Cloud Jacking: Cloud Jacking is likely to emerge as one of the most important cyber security threats in 2020 due to the increasing dependence of companies on cloud computing. Data suggests that misconfiguration will cause most incidents. These attacks are carried out to spy on, take control of, steal and even modify confidential files and data stored in the cloud.
- IoT devices: The Internet of Things (IoT) market is expected to grow to $1.1 trillion by 2026. This widespread use of IoT devices will lead to a growth in increasingly complex cyber security threats.
- Deepfakes: Deepfake attacks make use of Deep Learning and Artificial Intelligence (AI) to create or manipulate a fake, but seemingly real, image, sound or video of a person. For example, a deepfake might create a video in which the words of a politician are manipulated, making it appear that he is saying something he has never said. Other deepfakes superimpose the faces of popular actors or other celebrities onto other people’s bodies. 2020 could also be the year when deepfakes become more convincing phishing scams than ever before, which could end up costing companies billions of dollars.
- AI-driven Cyber-attacks: Using Artificial Intelligence, cyber-criminals can create programs that mimic known human behavior, and can use these programs to trick people into providing their personal or financial information.
- Vulnerabilities with 5G: With 5G networks rapidly emerging, wireless operators are transferring more calls and data to Wi-Fi networks in an attempt to save bandwidth. Software vulnerabilities in this transfer process provide an opportunity for cybercriminals to compromise security.
Companies take cyber security more seriously than ever
The global cybersecurity market is currently worth $173 billion, and is projected to reach $270 billion by 2026.
Large companies are taking cyber security more seriously than ever before. Cyber attacks and data fraud were the third largest commercial concerns related to Covid. It is a challenge for many organizations, but also an opportunity for startups, as investment in these types of cyber companies continues to increase every year. For example, in the UK, investment in cybersecurity startups has increased by 940% in 2020, compared to the same quarter in 2019.
As trends in cyber security evolve at an exponential rate year on year, corporate and emerging business leaders must join forces to keep up.
Many companies are moving forward with their digital business initiatives, making decisions about cyber security virtually every day. The increase in cyber risk is real, but so are data security solutions. For example, there are tools that accurately assess why employees click on certain phishing emails. These tools use real-time data to assess the complexity and quality of phishing attacks to help organisations understand where their vulnerabilities, especially human ones, lie.
In this regard, many companies regularly conduct phishing training exercises to see if their employees can distinguish between real and phishing emails. These trainings aim to increase employee vigilance and teach them to detect signs of phishing attacks. Organisations that are well informed about emerging technologies and the corresponding threats will be in a better position to make winning decisions.
Conclusions
There is no doubt that cyber-attacks have been on the increase for years and that the Covid-19 crisis has only aggravated this problem. A crucial conclusion to be drawn from this data is that the main factor to be dealt with in order to prevent the attacks that are currently growing is the human factor. Obviously, advanced security technologies and protocols are also needed, but training, both for employees and consumers, is probably the most important factor at this time in preventing fraud from occurring.
It is therefore crucial to focus on promoting good practices so that users are able to identify and reject suspicious emails, verify senders, check URLs before clicking on them, do not provide sensitive data without being 100% sure of the recipient, etc.
Working proactively on this aspect of training can help organisations of all sizes and from all sectors to be more aware of the economic and brand reputation problems that can eventually be encountered.
