Cyber Trick or Cyber Treat? It’s Cybersecurity Awareness Month!

Cybersecurity, Events, High Technology, Technology Posted Oct 29, 2021 by Claire Mutty

Although it feels like the first day of fall was only yesterday, here it is already the end of October – and simultaneously Cybersecurity Awareness Month – with Halloween just around the corner. With only a few days left in the month, and being part of the cybersecurity industry, CHEN PR wanted to give you a few frightening statistics and scary trends from the past year to chew on, in addition to candy this weekend.

Let’s start with some facts. According to IBM’s 2021 Cost of a Data Breach Report, the average total cost of a data breach increased by nearly 10% year-over-year, which is the largest single year cost increase over the past seven years. Also, when more of the workforce worked remotely as a result of the COVID-19 pandemic, the average cost increased to $1.07 million due to remote work and digital transformation.

Moving over to Verizon’s 2021 Data Breach Investigations Report, 85% of breaches involved a human element, and 61% involved the theft of credentials. In addition, as in previous years, financially motivated attacks continue to be the most common in breaches, and organized crime remains the top threat actor variety – as some of our clients have discovered this year as well. Continue reading if you dare…

As for recent trends, Open Web Application Security Project® (OWASP) revealed in its Top 10 2021 that Broken Access Control became the category with the most serious web application security risk this year, with Cryptographic Failures and Injection taking the second and third spots respectively. OWASP also introduced new categories into its Top 10 this year, including ‘Insecure Design’ and ‘Software and Data Integrity Failures.’ These additions “show how the entire software industry is continuing to ‘shift left’ by putting more focus on secure design and architecture, as well as threat modeling,” noted Bishop Fox’s Practice Director of Application Security Tom Eston in The Daily Swig.

Perhaps not surprising is the fact that ransomware has become a global menace, particularly as attackers become more sophisticated and are resorting to double extortion. To read a great analysis on ransomware’s evolution and six key trends to watch, be sure to check out this TechBeacon article featuring insights from Bishop Fox’s Red Team Practice Director Trevin Edgeworth, Intel 471’s Chief Intelligence Officer Michael DeBolt, and Devo Technology’s CISO Gunter Ollmann.

Given the uptick in attacks, an extensive amount of research and blog posts have been published that reveal noteworthy insights on the impact of cybercrime, the risky behaviors of individuals, various hacker trends, how governments and organizations have reacted to the attacks, and much more. For example, passwordless MFA provider Beyond Identity released a study earlier this year that evaluates how a decade of cybercrime has impacted the United States. In 2020, $3.3 billion was lost to fraud, which is nearly double the amount lost in 2010. The report breaks down the top 10 states with the most and least cyber fraud, ranking Alaska as number one with its median incident costing victims $500 million. In another report, Beyond Identity surveyed over 1,000 individuals in the U.S. to learn about their password habits and how they generally approach online safety. More than 1-in-3 respondents noted they had tried to guess someone else’s password before, and a scary 73% of them were successful. In addition, according to the survey, the top online accounts to be compromised or hacked included personal email, online banking, video and music streaming, and work-related accounts overall.

On another cyber front, intelligence provider Intel 471 is constantly monitoring the cyber underground and has found some interesting trends over the last year that correlate with the headline-making cyberattacks, especially how susceptible supply chains can be when it comes to a company’s IT and security systems. That being said, the big takeaway that Intel 471 analysts have seen is that the cyber underground will adopt any scheme, as long as it results in money being made. For instance, between January and August 2021, the company’s researchers observed a greater number of compromises in government entities, ranging from ransomware attacks to social engineering tactics and vulnerability types that allow hackers to gain initial access into these public sector security systems. The threat intelligence experts have also seen a trend in cybercriminals taking advantage of the COVID-19 pandemic by selling fake COVID vaccine certifications and several underground forums hosting advertisements for COVID-19 vaccines.

Given the drastic increase in the frequency and impact of these cyberattacks in the early part of 2021 alone, the White House held a Cybersecurity Summit to address how we can move forward successfully when it comes to cybersecurity for our nation. Virsec’s VP Public Sector Kevin Jones penned an article commending the initiatives a few major tech companies announced during the Summit, i.e., better integrating cybersecurity into their products, integrating cybersecurity training, and developing a new framework for improving cybersecurity for tech supply chains. While this is a great start towards solving the cyber crisis we are in, Jones notes that public and private enterprises have an obligation to think bigger, innovate faster, and ultimately evolve our collective cyber experience – such as developing a new security mindset, securing software, optimizing the current workforce, and investing in innovation and solutions, while also protecting their legacy systems.

Given the nonstop onslaught of attacks on organizations’ data – arguably their most valuable asset – threat hunting continues to occupy an important place in the cybersecurity toolbox. Per Tim Bandos, CISO of Digital Guardian (recently acquired by HelpSystems), “Threat hunting is a critical component of an overall cybersecurity strategy whether it is done internally or through a managed service provider. But unless it is an official part of your program, you can’t be successful at it.” Get more on this front in this Dark Reading article and by watching Tim’s session from the RSA Conference earlier this year.

In celebration of National Cybersecurity Awareness Month, Armorblox has published a creative listing of the most popular and challenging email security-related scams, personifying them as the “The BEC Brigade.” These characters embody the threat and dangers of potential activity in your inbox, without you even knowing!

All of this may be a bit frightening, but it’s important to be aware as we begin to wrap up 2021 and look ahead to the new year. Just knowing what’s out there – or rather, what’s lurking behind the computer screen – can put you at an advantage, so beware! Even individual adjustments to improve security can make a world of difference when it comes to cyberattacks.

Hope you have a spooktacular Halloween, from all of us at CHEN PR!