Phishing, Ransomware, & Data Breaches On the Rise in 2022
The onslaught of cyber attacks in 2021 was unrivaled by past years. Unfortunately, security experts believe that the trend will continue, and possibly even worsen, in the coming months of 2022, as the digital world continues to be rocked by several different types of cyber attacks: phishing scams, ransomware, and barrages of data breaches. In past blogs, we have discussed the growing threat of cyber attacks and ways to reduce your risk, including ongoing training, updating software regularly, developing backup and disaster recovery plans, monitoring data leaks, and improving frontline security. Today, we are taking a closer look at the top three cyber threats, what the trending numbers tell us, and the ultimate cost your business could pay if one of these disastrous events happens to you.
Top 3 Cyber Attacks
Let’s start our discussion by outlining the top three types of cyber attacks that your organization may experience: phishing scams, ransomware, and a disastrous data breach.
Phishing is a type of cyber attack usually associated with malicious emails. A phishing scam most often involves an attacker, masquerading as a trusted entity, who dupes a victim into opening an email, instant message, or text message. That message can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information such as credit card data, personal data, or system credentials.
According to a January 2022 report published in Spanning online, social engineering attacks, such as phishing, are the most prevalent and dangerous types of cyberattacks since they are deceptive and tricky. The Verizon 2021 Data Breach Investigations Report shows that 85% of breaches involved the human element, such as opening a malicious link or email. Statistics from the past year show us that phishing, although well publicized and avoidable, is responsible for about 90% of data breaches! This may sound disheartening, but it is reasonable given the fact that most employees will receive at the very least 14 malicious emails per year. All it takes is for one of these to slip by unnoticed to become a huge problem for a business. The news doesn’t get any better from the Federal Bureau of Investigation, which reports that there has been a 400% increase year-over-year in phishing attacks.
The word ‘ransom’ in the term ‘ransomware’ gives you the ultimate clue needed to understand this second type of cyber attack. What makes this type of attack so devious is that it uses malware to encrypt files on a device. This malware then renders any files and the systems that rely on them unusable. In short, users are locked out of their system or device until they pay a ransom to get back in. During the time the data is locked away, businesses must deal with costly downtime, vulnerable data, and a scramble to be able to run their organization! Hold on to your hats, because the statistics on this type of cyber attack are truly astounding! Security provider SonicWall reported nearly 500 million attacks through September 2021, with a staggering 1,748 attempted attacks per organization. This is equivalent to a business facing 9.7 ransomware attempts every day. So, if you thought the pandemic might be slowing cyber criminals down, you would be wrong. In fact, experts believe the opposite to be true. This growing threat can cost billions of dollars, with no real guarantee that data will be released upon receipt of the ransom. Sadly enough, some industries are harder hit by ransomware than others. In 2021, government agencies were the top targets for cybercriminals, followed by education, healthcare, services, technology, manufacturing, and the retail industry, according to BlackFog’s 2021 State of Ransomware Report.
Data breaches, a broad category of cyber attacks, round out our top three cyber assaults. In general, a data breach is an incident where information is stolen or taken from a system without the knowledge or authorization of the system's owner. The information is often deemed important because it is confidential, sensitive, or protected. The goal of most data breaches is to gain information that can be financially fruitful later on. Consider the amount of personal, financial, or sensitive information your business has stored on each client, employee, or vendor. That information could be vulnerable should a cyber criminal set their eyes on your business. And don’t be lulled into thinking that because your business is small, you are immune to data breaches. This could not be further from the truth. Small businesses are just as likely to experience a breach. In fact, to hackers, a small business may be an easier target with fewer security defenses. According to the Identity Theft Resource Center’s (ITRC) data breach analysis, there were 1,291 data breaches through September 2021. This number indicates a 17% increase compared with the 1,108 data breaches in 2020. The report also found a steep increase in the number of data compromise victims (281 million) during the first nine months of 2021.
What’s the Cost?
Now that we have reviewed the top three types of cyber attacks, what is the cost to organizations large and small? Let’s break it down for you in order to understand not only the financial ramifications but also the damage that these events can do to the reputation of businesses. IBM’s 2021 Cost of a Data Breach Report found phishing to be the second most expensive attack vector. Their numbers show that a phishing scam can cost a whopping $4.65 million! In addition to financial losses, there are other consequences to consider. A 2022 State of the Phish Threat Report cited the following consequences:
60% of organizations lost data
52% of organizations had credentials or accounts compromised
47% of organizations were infected with ransomware
29% of organizations were infected with malware
18% of organizations experienced financial losses
The financial impact of a ransomware attack can be equally devastating. What’s insidious about ransomware attacks is that they don’t just impact the business itself, but can have ripple effects on other businesses. For instance, a ransomware attack against a supply chain organization can have huge ripple effects throughout the economy. According to IBM’s 2021 Cost of a Data Breach Report, the total average cost of a ransomware attack was $4.62 million. Yikes! Breaking that down even further, the average ransom paid by mid-sized organizations was $170,404, while the average cost of resolving a ransomware attack was $1.85 million.
Not to be outdone, data breaches come in third according to the IBM report, with an average total cost of a breach in 2021 of $4.24 million. This number is up a staggering 9.8%!
What’s the Takeaway?
As usual, our final thought includes advice to be proactive in dealing with these cyber threats. Have a reliable backup solution to counteract these threats. Review your disaster recovery plans regularly. Train your workforce to recognize red flags in emails, texts, or IMs and to alert the proper IT professionals when they see one. Being proactive is one way your business can be prepared should a cyber event happen to you.