A lot changed in the world in 2020. As the COVID-19 pandemic shut down the world, many of us transitioned to work-from-home arrangements, got comfortable holding meetings over Zoom and started using digital tools as never before. As a result, many companies shifted to almost exclusively online operations, using new SaaS platforms, cloud data storage and other services in vastly expanded ways.

And the hackers went wild.

In November 2021, one of the Federal Bureau of Investigation's (FBI) email servers was hacked.1 The breach caused spam emails that appeared to be from the agency and the Department of Homeland Security to be sent to the public. It's estimated that emails titled "Urgent: Threat actor in systems" were sent to over 100,000 accounts, warning recipients that they were being attacked. The headers appeared real, as if they were coming from a legitimate FBI account.

This attack is just one of many that the agency now cites as an example to spread the word about cyber attack prevention.

It was clear that for many companies, their liability was moving from the real world to cyber space. Today’s digital workplace has deepened and expanded cyber exposures.

Steve Robinson, RPS national Cyber practice leader

The FBI has been at the forefront in battling the ongoing challenges of cyber attacks. It tries to get ahead of potential threats. For example, it released an advisory2 for public and private sector organizations to remain vigilant to ransomware and cyber threats during the holiday season, because, in the past, cybercriminals have taken advantage of a time of year when businesses are less focused on prevention and may have their defenses down.

As we move into 2023, this type of early notice is helpful for businesses, so they can best prepare for the future evolution of cyber threats. Global cybercrime costs are expected to grow by 15% per year and reach $10.5 trillion USD3 annually by 2025.

In a recent survey, 81% of chief information security officers4 said that "staying ahead of attackers is a constant battle and the cost is unsustainable" compared with 69% in 2020. Are your clients prepared for this new world of cyber threats?

Here's a look at where the cyber risks lie and potential targets so you can prepare now.

Remote Work Will Remain a Favorite Target

According to Gartner's CIO Survey,5 hybrid and remote work is a durable trend, with more than 75% of knowledge workers expecting future hybrid work environments. Remote work will be permanent for 92% of organizations in the next two years.6

Working from home has many perks, such as flexibility and convenience. But the downside is that it's a minefield for cybersecurity. It opens the door for numerous cyber threats from employees using personal devices for work, cloud computing and the lack of firewalls in home offices. Sixty-seven percent of cyber attacks affecting businesses target remote workers and could lead to the interruption of day-to-day operations or a ransomware payout.6

Mobile Malware Attacks Are Expected to Increase

Mobile malware attacks are another result of the shift to remote work. A recent report7 found that, in 2021, almost half of all organizations had at least one employee who downloaded a malicious mobile app. Ninety-three percent of these attacks originated in a device network, which attempts to trick users into installing a malicious payload via infected websites or URLs, or to steal users' credentials.

Cybercriminals use phishing, Trojans, adware and other techniques to attack smartphones, tablets and other mobile devices. Once they have access to one device, they can usually access an organization's entire network and open it up to further attacks. The banking industry, in particular, is seeing a rise in malware threats8 as cybercriminals target mobile banking on smartphones to steal credentials or credit card information.

Ransomware Attacks Will Focus More on Cryptocurrency

Ransomware attacks will continue to become more sophisticated and aggressive. In response, the percentage of countries passing legislation to regulate ransomware payments, fines and negotiations will rise to 30% by the end of 2025, compared to less than 1% in 2021.9

The new trend in ransomware attacks is demanding payment by cryptocurrency, because the payment can be made quickly and reliably. Bitcoin is instant — unlike a wire transfer that can take days to process. The crypto market also lacks regulatory oversight, and transactions can be hard to trace. Cryptocurrency was used to pay the hackers in the Colonial Pipeline and JBS attacks.

Hackers never make their ransomware demands in government-issued currency, instead requesting payment in cryptocurrency.10

Ransomware Advisory

As the price of Bitcoin has increased, so too has the amount demanded in cryptocurrency-related attacks. The price of Bitcoin surged almost 400% between October 2020 and May 2021, while the number of cyber attacks rose 192%.11 In 2019, ransom demands ranged from a few thousand dollars to $2 million at the top end. By mid-2021, most demands were in the millions, with a significant number over $20 million.

Cyber Attacks on IoT Will Continue to Wreak Havoc

By 2025, it's expected that there will be more than 30 billion IoT connections,12 which averages out to almost four IoT devices per person.

IoT devices continue to be the target of cyber attacks because of their vulnerabilities, such as the lack of built-in security or failure to update them with recent security patches. In the first half of 2021, there were over 1.5 billion cyber attacks focused on IoT devices.13 This number is more than double the total recorded in the first half of 2020.

Forrester is predicting that the security weaknesses of IoT devices will bring a botnet so large that its "level of traffic will successfully cause economic pain by denying some critical communications infrastructure." Forrester estimates it will be around 30 million requests per second compared to the current record set earlier in 2021 that capped out at 22 million requests per second.14

Whatever the case, cyber risk is here to stay. For clients, it's important to not only recognize the risks they face today, but to be proactive in addressing new challenges that might be coming in the months and years ahead. It's your job to make sure they know what to expect and how cyber insurance can factor into their overall risk management strategy.

Sources

1Speakman, Kimberlee. "FBI Email Server Hacked, Thousands Of Spam Emails Said To Be Sent Out," Forbes, 13 Nov 2021.

2"CISA and FBI Urge Organizations to Remain Vigilant to Ransomware and Cyber Threats This Holiday Season," Cybersecurity and Infrastructure Security Agency, 22 Nov 2021.

3SecurityExpert. "Cybercrime to Cost Over $10 Trillion by 2025," Security Boulevard, 17 Mar 2021.

4"The State of Cybersecurity Resilience 2021," Accenture, 2 Nov 2021.

5Panetta, Kasey. "The Top 8 Security and Risk Trends We're Watching," Gartner, 15 Nov 2021.

6"Beyond Boundaries: The Future Of Cybersecurity In The New World Of Work," Forrester, Sept 2021. PDF file.

7"2021 Mobile Security Report," Check Point Research, 12 Apr 2021. Gated PDF.

8"Banking Malware Threats Surging as Mobile Banking Increases," GlobeNewswire, 8 Nov 2021.

9Panetta, Kasey. "The Top 8 Cybersecurity Predictions for 2021-2022," Gartner, 20 Oct 2021.

10"Ransomware Advisory," U.S. Department of the Treasury, 1 Jan 2020.

11Crothers, Brooke. "As Bitcoin Price Surged, It Fueled Rise In Cyber Attacks, Researchers Say," Fox Business, 3 Jul 2021.

12Brooks, Chuck. "Cybersecurity Threats: The Daunting Challenge of Securing the Internet of Things," Forbes, 7 Feb 2021.

13Adams, R. Dallon. "IoT Device Attacks Double in the First Half of 2021, and Remote Work May Shoulder Some of the Blame," TechRepublic, 13 Sept 2021.

14Vigliarolo, Brandon. "2022 Will Be the Year of Convergence Between Edge, IoT and Networking Tech, Forrester Predicts," TechRepublic, 4 Nov 2021.