In September, the first evaluation data began to emerge on what the first half of the year has yielded in terms of the issue of cyber security. The results do not seem to be too reassuring and one can see how they coincide in pointing to a boom in the number of incidents that seems to have no end.
The number of cyber incidents related to Covid-19 increased fivefold in the first two weeks of March in both Europe and the United States. This shows how cyber-criminals from the outset found a significant source of use for this problem. As far as the months of May and June are concerned, around 60% of the emails that users received had a fraudulent purpose, including phishing or malware campaigns, generally with the Covid-19 as a hook.
In addition, approximately 40% of emails sent today that are related to the Covid-19 are spam or seek to obtain confidential information from users.
In the first part of this 2020, the threat that has experienced the most growth has been Ransomware, followed by complaints about Exploits that have also increased, and banking Trojan campaigns that have multiplied by 7 compared to the first part of 2019.
In addition, 41% of cyber insurance claims made by SMEs in the United States and Canada during the first half of the year were directly related to data kidnapping, leading to a 47% increase in the amounts demanded by cyber criminals to release information, rising from $230,000 in the first quarter to $338,000 in the second quarter of this year.
On the other hand, there has also been a change in the operations of cybercriminals who, when using ransomware, first steal the data before encrypting it. The aim is to threaten to make the information public unless the amount required for the ransom is paid.
At a sectoral level, ransomware has an equal impact on all types of industries and it is also worth noting that many of these attacks have been linked to Covid-19, in large part caused by basic security failures, related to the use of authentication systems, passwords or email security protocols, etc.
Worrying growth during the summer
The increase in cyber-attacks during the summer period is of considerable concern to experts, as more and more organisations of all sizes are rendered completely inoperable by a ransomware attack.
At the same time, consumers are becoming increasingly lax about cyber attacks. There has been a significant decrease in the level of tolerance by consumers towards those companies they work with and which may have suffered a cyber attack, even wanting to change companies if they suffer some kind of cyber attack.
Although ransomware attacks are the most common and fastest growing threat, they are not the only threat that companies need to watch out for. 2020 comes with a whole new level of threats to cyber security that businesses need to be aware of:
The global cybersecurity market is currently worth $173 billion, and is projected to reach $270 billion by 2026.
Large companies are taking cyber security more seriously than ever before. Cyber attacks and data fraud were the third largest commercial concerns related to Covid. It is a challenge for many organizations, but also an opportunity for startups, as investment in these types of cyber companies continues to increase every year. For example, in the UK, investment in cybersecurity startups has increased by 940% in 2020, compared to the same quarter in 2019.
As trends in cyber security evolve at an exponential rate year on year, corporate and emerging business leaders must join forces to keep up.
Many companies are moving forward with their digital business initiatives, making decisions about cyber security virtually every day. The increase in cyber risk is real, but so are data security solutions. For example, there are tools that accurately assess why employees click on certain phishing emails. These tools use real-time data to assess the complexity and quality of phishing attacks to help organisations understand where their vulnerabilities, especially human ones, lie.
In this regard, many companies regularly conduct phishing training exercises to see if their employees can distinguish between real and phishing emails. These trainings aim to increase employee vigilance and teach them to detect signs of phishing attacks. Organisations that are well informed about emerging technologies and the corresponding threats will be in a better position to make winning decisions.
There is no doubt that cyber-attacks have been on the increase for years and that the Covid-19 crisis has only aggravated this problem. A crucial conclusion to be drawn from this data is that the main factor to be dealt with in order to prevent the attacks that are currently growing is the human factor. Obviously, advanced security technologies and protocols are also needed, but training, both for employees and consumers, is probably the most important factor at this time in preventing fraud from occurring.
It is therefore crucial to focus on promoting good practices so that users are able to identify and reject suspicious emails, verify senders, check URLs before clicking on them, do not provide sensitive data without being 100% sure of the recipient, etc.
Working proactively on this aspect of training can help organisations of all sizes and from all sectors to be more aware of the economic and brand reputation problems that can eventually be encountered.