DID YOU KNOW A CYBERATTACK HAPPENS EVERY 39 SECONDS?
This staggering figure underscores the urgent need for cybersecurity to be treated as a global priority. Moreover, with the explosion of generative AI (and not just ChatGPT!), the current 2,200 daily attacks are expected not only to multiply manifold but also to become far more individualized.
Despite the new technology, ransomware will possibly continue to dominate cybercrime in 2024. In fact, according to Statista, it was the leading motive for more than 72% of cybersecurity in 2023.
Moreover, even with the widespread impact, small and medium-sized businesses (SMBs) seem to be the new bullseye, as shown by the 61% of SMBs that were hit in 2023. As such, the expected growth of the global cybersecurity market to $266.2 billion by 2027 hardly comes as a surprise.
As such, with the alarming 8.9% CAGR of the cybersecurity industry, Gartner predicts that 50% of C-suite leaders will have cybersecurity risk-related performance requirements embedded in their contracts by 2026.
Top 5 Countries by Cybercrime Density
Headliners for Cybersecurity in 2023
At the time of writing, 28,778 new vulnerabilities have been discovered in 2023 alone, dwarfing 2022’s total by 3,700+. In fact, at the current growth rate of 14.8%, 2024 will have 33K+ CVEs.
Meanwhile, recent research by the World Economic Forum reveals a striking lack of confidence among organizations. Only 4% of organizations are confident that “users of connected devices and related technologies are protected against cyberattacks.”
This unfortunately indicates that most organizations (federal and private) have adopted a reactive rather than proactive approach to cybersecurity, i.e., they give damage control campaigns a higher priority than preventative vigilance.
Simply put, Fortra’s reactive stance allowed hackers to exploit a zero-day vulnerability and trigger a domino effect for 130+ companies. In contrast, Google’s proactive measures successfully defended against a massive DDoS attack, handling over 398 million requests per second.
Adding to the bad news, IBM’s 2023 report indicates the average cost of a corporate data breach in 2023 stood at $4.45 million. However, supply chain attacks can far exceed such a cost, especially in the case of key APIs.
The infamous MOVEit Supply Chain Attack in June was ample proof, as it managed to compromise more than 620 organizations, including bigwigs such as the BBC and British Airways.
By the same token, Gartner predicts that over the next two years, 45% of global organizations will be impacted in some way by a supply chain attack. The takeaway – your organization is only as strong as its weakest link.
The bad news doesn’t end there. The same IBM report also found that 82% of breaches included cloud-based data, with ransomware at the forefront. More frighteningly, even with blockchain safeguards, hackers got away with more than $2 billion in cryptocurrencies in 2023.
However, that would still just be some nominal pocket change in the burgeoning $8 trillion cybercrime economy of 2023. To put this in perspective, the world lost $255,000 every second this year to cyberattacks.
Let’s take a look at some of the emerging trends in 2023.
Popular Cybersecurity Trends in 2023
As the threat landscape evolves, from new threat vectors to novel methodologies and techniques, AI/ML as well as intricate social engineering tactics emerged as new favourites in 2023. Let’s take a deeper dive into some of the popular cybersecurity, or rather cybercrime, trends of 2024:
Malware
Key Takeaways
- According to Parachute, threat actors deployed an average of 11.5 attacks per minute, including 1.7 novel malware samples per minute in 2023.
- 92% of malware was delivered via email.
- Quoting IBM, “The share of breaches caused by ransomware grew 41% in the last year and took 49 days longer than average to identify and contain.”
In layman’s language, malware is malicious software designed to disrupt, damage, or gain unauthorized access to computer systems. Some of the most popular variants include viruses, worms, and ransomware among others.
Although it has dominated the cyberattack charts, along with global summits from COP28 to Davos, for several years, the existing strategies continue to fail. This is due to two major reasons: the growing sophistication of the attacks thanks to generative AI and the lack of cohesive management tools.
Don’t believe us? In the first half of 2022, 2.8 billion malware attacks occurred, and that’s not even counting the 5,520,908 mobile malware, adware, and riskware attacks that were blocked in Q2 2022.
Moreover, the first half of 2022 saw a massive 976.7% increase in Emotet detections compared to the first half of 2021. Iran is the country most impacted by mobile malware attacks, and the VBA Trojan was the most common malware variant in 2022.
How can you protect yourself from malware attacks?
- Use security software to detect and remove malicious programs.
- Leverage MFA and strong passwords to make it harder for attackers to access your device or accounts.
- Use up-to-date software, as older versions often have vulnerabilities.
- Never click on links from unknown sources as this is a common way for attackers to spread malware.
Ransomware
Key Takeaways
- The average ransom in 2023 was $1.54 million, which is almost double the 2022 figure of $812,380.
- As of 2023, over 72% of businesses worldwide were affected by ransomware attacks.
- IBM reports that it takes an average of 49 days to identify a ransomware attack, leaving businesses and organizations vulnerable for an extended period.
Ransomware simply refers to malware deployed to encrypt a victim’s files. Attackers offer the company the decryption key against a hefty payment, usually in cryptocurrency. Thus, they exploit digital vulnerabilities to extort individuals and entities for financial gain.
In fact, since 2018, more than half of the total survey respondents each year have stated that their organizations had been victimized by ransomware.
Moreover, no one is safe from such attacks, not even established governments. Austria was the most affected country by ransomware attacks, while Costa Rica’s government was the victim of the biggest attack in history, as reported by Cyber Management Alliance.
Ransomware-as-a-service (RaaS) is also a growing concern, with 67 active RaaS reported in the first six months of this year alone.
How can you protect yourself from ransomware attacks?
- Never use outdated software.
- Never click unsafe links.
- Never insert a USB that you don’t own.
- Use VPNs on public networks.
DDoS Attacks
Key Takeaways
- According to Netscout, there were almost 7.9 million DDoS attacks, or approximately 44,000 attacks per day, in the first half of 2023 alone.
- DDoS-Attack-as-a-Service is being advertised on the dark web for $20 per day to $10,000 per month.
- 13 DDoS-for-hire marketplaces were shut down in 2023 by the Federal Bureau of Investigation (FBI).
DDoS or Distributed Denial of Service attacks are often mounted as a decoy to distract the owners of the targeted website while the hacker tries to mount a second, more exploitative attack.
Cloudflare has noted a significant increase in HTTP DDoS attacks, which rose by 111% year over year. The gaming and gambling industry was the most targeted by L3/4 DDoS attacks, highlighting the vulnerability of these industries to such attacks.
Moreover, according to G2, every minute of downtime during a DDoS attack costs an average business anywhere from $22,000 to $120,000 for SMEs. Meanwhile, hackers can rent online resources to launch attacks for just $5 per hour.
How can you protect yourself from DDoS attacks?
- Choose a DDoS mitigation service.
- Create a secure network infrastructure.
- Monitor your website traffic.
- Use Web Application Firewalls (WAF).
Social Engineering Attacks
Key Takeaways
- 98% of cyberattacks involve tricks or manipulation, covered under social engineering.
- According to Verizon’s 2023 Report, 10% of security incidents and 17% of data breaches were caused by social engineering.
- The average organization is targeted by more than 700 social engineering attacks annually.
In layman’s terms, social engineering refers to the various techniques of manipulation, influence, or deceit an attacker uses to gain unauthorized access to systems, data, and information. Phishing is the most popular social engineering attack.
75% of security professionals consider social engineering the “most dangerous” threat. These concerns are not unfounded, as evidenced by the 2,773 social engineering incidents reported in the recent Verizon study.
The severity of the threat is further highlighted by a high-profile case where a hacker used a social engineering attack to gain access to Twilio’s internal systems and the data of 125 customers.
How can you protect yourself from social engineering attacks?
- Use a secure Web Application Firewall (WAF).
- Enable MFA across all accounts.
- Set high-level spam filters.
- Conduct a pentest to detect vulnerabilities.
Phishing
Key Takeaways
- Phishing was the most common form of cybercrime, with approximately 3.4 billion malicious emails sent every day.
- BEC-based phishing attacks increased from 1.6 attacks per 1,000 mailboxes in the latter half of 2022 to 2.5 attacks over the first half of 2023.
- In 2023, IBM reported that phishing cost $4.9 million per attack.
In simplest terms, phishing refers to the cluster of cybercrime techniques through which attackers deceive individuals into divulging sensitive information by impersonating legitimate entities. Common types include vishing, spear phishing, and smishing.
To put this in perspective, in November 2022 alone, Google blocked over 231 billion spam and phishing emails, highlighting the scale of the problem. In fact, according to Security Magazine, over the last six months, there were 255 million phishing attacks in total.
However, Business Email Compromise attacks are the most common type of phishing attack. In this case, attackers compromise or impersonate official email accounts to deceive individuals within a business.
In 2022, a staggering 34% of all attacks were launched as Business Email Compromise (BEC) attacks, according to Arctic Wolf. To make matters worse, a shocking 80% of organizations that fell victim to BEC attacks didn’t have a Multi-Factor Authentication (MFA) solution in place.
How can you protect yourself from phishing attacks?
- Use a password manager like LastPass.
- Don’t open emails that look like spam.
- Purchase antivirus software.
- Enable Multi-factor Authentication (MFA).
- Train your team to identify unsafe emails.
IoT Attacks
Key Takeaways
- A recent survey by Tech Jury suggests that 127 new IoT devices are connected to the internet every second.
- IoT malware attacks increased by 37% globally in 2023, resulting in more than 77.9 million attacks in the first half itself.
- According to Market Watch, the IoT security market is expected to grow to 13.36 billion by 2028.
With more than 15 billion IoT devices and Operations Technology units present in the world, IoT security has emerged as an alarming issue in the past couple of years.
In the first six months of 2022 alone, a staggering 1.51 billion IoT breaches were reported, highlighting the scale of the challenge faced by organizations. Compounding the issue, 51% of IT teams are unaware of the types of devices connected to their networks.
This indicates a lack of visibility and control over potential vulnerabilities. Moreover, the shortage of skilled personnel worsens data security concerns for most IoT companies.
How can you protect yourself from IoT attacks?
- Update firmware and stay up-to-date.
- Use Multi-Factor Authentication (MFA).
- Encrypt your devices properly.
- Connect IoT devices using secure Wi-Fi.
What are the most common IoT targets?
As discussed earlier, the IoT network is made up of interconnected physical objects that communicate and share data with other devices and systems through the Internet. Common vulnerabilities include website security, mobile security, APIs, and cloud security as discussed below:
Website Security
Key Takeaways
- Web application attacks contribute to 26% of breaches, ranking as the second most prevalent attack pattern.
- On average, a website experiences 94 attacks daily and is visited by bots approximately 2,608 times a week.
- Moreover, 17% of all cyber attacks target vulnerabilities in web applications.
The biggest danger with web app attacks is that attackers can not only gain unauthorized access to and control of your data but also weaponize it to promote cyberattacks in your name.
In fact, the situation has deteriorated such that 4.1 million websites contain malware at any given time. E-commerce websites are particularly vulnerable, with 75% of fraud and data theft involving them, as reported by GM Security.
Most of these vulnerabilities leverage WordPress plugins, with 97% of security breaches exploiting them. Despite this, 22% of WordPress admins spend less than an hour monthly on security.
To put this in perspective, in a recent high-profile incident, over 280,000 WordPress sites were attacked using the WPgateway plugin’s zero-day vulnerability, according to The Hacker News.
How can you protect your website from cyberattacks?
- Use a strong firewall and intrusion detection to monitor and filter traffic.
- Keep all website software up-to-date for security patches.
- Implement SSL encryption for secure data transmission.
- Run regular website scans and conduct pentests.
- Leverage MFA & password managers.
Mobile Application Security
Key Takeaways
- 80% of phishing attacks targeted or functioned on mobile devices.
- 82% of Android devices were vulnerable to at least one of 25 vulnerabilities in the Android operating system.
- The global mobile security market is expected to reach $14.82 billion by 2028.
The increasing dependence on and adoption of smartphones has triggered a wave of concern. This is especially concerning since 75% of phishing sites are specifically designed for mobile devices, according to Zimperium.
Moreover, smartphone users are 6-10 times more susceptible to SMS phishing than email attacks. Although mobile app stores are taking measures to combat this, the losses are still mounting.
Google and Apple have collectively blocked 1.2 million suspicious applications, while Apple has intervened and blocked fraudulent transactions in the ballpark of $2 million. Nonetheless, all the blame doesn’t lie with providers.
User behavior also plays a role in mobile security breaches, with 44% of companies that suffered a mobile security breach attributing it to user behavior, according to Verizon.
How can you protect your mobile app from cyberattacks?
- Conduct routine security audits to identify and fix vulnerabilities.
- Implement strong encryption for data in transit and at rest.
- Use robust authentication and authorization mechanisms.
API Security
Key Takeaways
- According to a recent report, 94% of survey respondents had some security issues with their production APIs over the past year.
- The number of unique API attacks has increased by 60% year over year from 2022 to 2023.
- Despite the above, only 53% of the respondents named security as their top priority.
APIs account for 91% of all web traffic, making them a prime target for attackers. Malicious API traffic increased by 681% in 2022, according to Salt Labs, and there has been a 286% increase in API threats quarter over quarter.
According to a report by VentureBeat, 41% of organizations had an API security incident in the last 12 months, with 63% of those involved in a data breach or loss.
Despite rising threats, numerous organizations lack adequate API security measures. The Salt Labs report also reveals that 34% lack an API security strategy, with 62% slowing new application rollout due to security concerns.
How can you protect your API & endpoints from cyberattacks?
- Ensure that only authorized users have access to your API and limit their privileges.
- Validate all user input to prevent injection attacks.
- Implement rate limiting to prevent malicious actors from overwhelming your API with requests and causing denial of service (DoS) attacks.
- Encrypt all sensitive data transmitted between clients and servers.
- Continuously test and monitor your API for vulnerabilities.
Cloud Security
Key Takeaways
- 52% of malware can use USB drives to bypass network security.
- According to IBM’s Data Breach report, more than 45% of data breaches are cloud-based.
- As such, the cloud security market is expected to grow from $40.7 billion in 2023 to $62.9 billion by 2028.
Thales Group reports that 66% of organizations store 21%-60% of their sensitive data in the cloud. As such, with rising adoption, security concerns have also become prevalent.
In fact, the same report reveals that 51% of IT professionals perceive that managing privacy and security has become more complex. Protecting data in multi-cloud environments is even more challenging, with 57% of organizations struggling to do so, according to Checkpoint.
According to the IBM report, cloud misconfigurations account for 15% of initial attack vectors in security breaches. Meanwhile, 51% of organizations cite phishing as their primary concern in cloud security.
Lastly, with compliance, 56% of organizations struggle to find and hire skilled cloud security professionals, making cloud security seem like an improbable goal.
How can you protect your cloud infrastructure from cyberattacks?
- Restrict access based on the principle of least privilege.
- Prioritize container security practices.
- Implement regular data backups and a solid disaster recovery plan.
- Train employees on security best practices.
Which are the most commonly targeted Industries?
Manufacturing
Key Takeaways
- Ransomware struck 56% of manufacturing companies surveyed between January and March 2023.
- 85% of all attacks weaponized phishing in 2023.
- According to Gartner, 63% of respondents report that their organization has experienced a supply chain attack in the past year.
The manufacturing industry accounts for nearly 25% of all cyberattacks; its increasing adoption of robotics, IoT (Internet of Things) technology, and automation has painted a bullseye for cybercriminals.
Out of the victims of ransomware, more than one-third of manufacturers paid the ransom in an attempt to get their data back. However, only 1 in 4 companies were able to thwart the attacks before their data was fully encrypted.
Moreover, the adoption of AI/ML, not only in the storage but also in the operation of digital assets on a daily basis, has increased the attack surface even more.
How can you protect your manufacturing firm from cyberattacks?
- Implement access controls and limit privileges for employees.
- Employ intrusion detection and prevention systems.
- Regularly update and patch industrial control systems to address vulnerabilities.
Finance & Insurance
Key Takeaways
- 17.5 million credit card records were sold on black markets.
- Hackers registered over 42,000 imposter domains to execute a large-scale phishing attack in 2023.
- In Q1 2023, phishing attacks disproportionately targeted the finance sector, constituting a substantial 23.6% of total cyber incidents.
With a rise in politically motivated attacks, the financial sector has emerged as a favorite target. Losses incurred by financial organizations amounted to approximately $5.9 million per incident in 2023.
According to Security Boulevard, 80% of the organizations encountered at least one breach related to weak authentication.
The impacts of these cyberattacks are massive, as evident from the Transit Finance incident where $29 million was stolen by a hacker. Additionally, 71 percent of organizations were victims of payment fraud attacks or attempts.
How can you protect your financial firm from cyberattacks?
- Strengthen cybersecurity with encryption and regular updates.
- Develop an agile incident response plan.
- Leverage advanced threat detection for real-time monitoring.
Consumer Businesses
Key Takeaways
- In retail, the average cost of a data breach in 2022 was $3.28 million.
- 50% of retail cyberattack victims were extorted, and 25% had their credentials harvested.
- More than 20% of customers stop purchasing from companies that have been hacked.
In a post-pandemic world of remote operational models, digitization has become a necessity for e-commerce businesses. 68% of companies experienced a targeted attack on their networks and suffered data loss as a direct result.
63% of such data breaches come from exploiting internal weak points in a company’s customer and vendor network. Moreover, according to recent research by BDO, 34% of retailers said that cyberattacks or privacy breaches were their most serious digital threat.
As such, in 2023, E-commerce fraud cost the retail sector more than $48 billion globally.
How can you protect your consumer business from cyberattacks?
- Use secure and compliant payment processing solutions.
- Regularly analyze network activity for anomalies and potential security threats.
- Develop and test a clear incident response plan to efficiently handle breaches.
Education
Key Takeaways
- In 2023, over 700,000 threats were detected between April and June alone.
- In 2023, the rate of ransomware attacks in the education sector was 44%, more than double the rate reported in 2021.
- The average cost of data recovery dropped from $1.42 million in 2022 to about $1 million in 2023.
The education sector, with its extensive sensitive data and limited cybersecurity resources, has been an appealing target for cybercriminals for the past few years. With an average of almost 2,000 attacks per organization reported weekly in 2022, the education industry has had it rough.
To put this in perspective, 36% of these attacks were attributed to compromised credentials and 29% to exploited vulnerabilities, all of which could have been prevented by simple MFA.
According to IBM, the average cost of a data breach in the higher education and training sector was $3.7 million in 2023, down from $3.9 million in 2022.
How can you protect your educational organization from cyberattacks?
- Strengthen cybersecurity with regular audits and updates.
- Establish robust backup systems for quick recovery.
- Utilize endpoint protection for device security.
Healthcare
Key Takeaways
- According to the U.S. government’s OCR, healthcare firms reported 145 data breaches in the first quarter of 2023 alone.
- Phishing attacks were used in 45% of all healthcare data breaches in 2023.
- Ransomware attacks, in particular, have been a major threat to healthcare organizations, with 707 attacks in 2023.
Compared to the previous year, the number of cybersecurity breaches has increased; however, the loss from each incident has risen significantly.
Simply put, the number of individuals affected by such breaches jumped from 31 million in the second half of 2022 to a new record of 40 million in 2023. Furthermore, third-party data breaches have also had severe consequences.
More than 119 pediatric practices and 2.2 million patients were impacted by a single incident. Furthermore, New York-Presbyterian (NYP) Hospital reported a data breach that affected approximately 12,000 people in September 2022.
Similarly, Aveanna Healthcare was hit with several phishing-related data breaches, for which they agreed to pay $425,000 in settlements.
How can you protect your healthcare business from cyberattacks?
- Restrict access to sensitive data through stringent user authentication and authorization measures.
- Keep healthcare systems and software up to date.
- Educate healthcare personnel on recognizing and mitigating cyber threats.
Conclusion
With the cybersecurity landscape changing constantly, knowing the facts and figures about it, and about risks such as phishing, ransomware, and other scams, can offer deep insight.
The proactive adoption of preventive measures, awareness of emerging trends, and industry-specific safeguards are crucial for robust cybersecurity defenses in 2024.
With this extensive compilation of 160 cybersecurity statistics for 2024, we aim to provide valuable insights into emerging trends, attack vectors, and the industries most targeted. Stay informed, stay secure.