Cyber Security is the process of fending off cyberattacks from all devices, computer, mobile phones, servers, networks and even electronic systems and stored data. This defense mechanism is gaining importance day after day, due to the evolution of technology and the speed with which this development is going, as well as that of the means used in cyberattacks.
Through this article, we’ll discuss some facts about cyber security attacks, breaches and we will take a look at a couple of global cyber security examples and statistics.
Types of Cyber Security
Before we get into the details of cyber security attacks, we need to know there are 6 types of cyber security, as follows:
1. Network Security:
This is using cybersecurity measures in securing the entire network from both, possible attackers and malicious malware.
2. Information Security:
Keeping the stored information safe in storage, whether they are actively used on the network, or stored in external devices.
3. Application Security:
This form of cybersecurity starts from the design stage of the desired application. All applications are supposedly designed to protect the data it asks users to share. This form of cybersecurity focuses on keeping applications secure and free of threats to any data.
4. Operational Security:
This category of cybersecurity aims at protecting the ongoing usage of data over the network, such as the permissions granted to users using the network. Example of such procedures are the procedures determining how data is shared over the network and where data is stored.
5. Disaster Recovery and Business Continuity:
These two factors constitute the methods used by businesses in recovering from a cybersecurity attack and trying to reverse things to how they were before the data loss or operations. Disaster Recovery represents the policies used by the business to get back to its previous operating capacity before the attack.
Business Continuity is the backup plan the business follows to operate after the loss of data, trying to operate without the lost resources.
6. End-User Education:
This cybersecurity method deals with the most common cybersecurity threat, that is people. It’s vital that both, ordinary people and employees in the workplace, know what to do in the case of a cybersecurity attack. Furthermore, awareness programs are important to teach everyone basic security steps to secure themselves online.
Recent studies have revealed that more than 80% of data loss to cybersecurity threats are because of employees. It all starts and ends with people!
Top Cyber Security Attacks
There are countless ways a cybersecurity attack can take place, these are only the most common, under which more ways are listed.
Cybercrime is basically a crime taking place on the internet. The purpose of this cybercrime is to obtain illegal gains through stealing user or organization information, or to prevent users or organizations from accessing stored data.
Through malicious e-mails, text messages, links and websites, attackers try to trick users and obtain their passwords, credit card data or social security number. The malicious means of phishing will usually take you to a stage website, designed to look authentic and convince you to enter your data.
A more recent form of phishing is called Spear Phishing, where the attacker uses the name of a well-known person in a said organization and sends the malicious email or link. The attacker here uses the authenticity the name gives to the scam, and makes it easier for users to willingly give out information they shouldn’t.
With the main aim being to cause panic or fear in the souls of those targeted by the attack, cyberterrorism is a form of cybersecurity threat that’s been increasing in the past years.
This form of cybercrime has an extra ulterior motive, that is the politically premeditated intention of gathering information. Such as the attack of the nationals of a certain country against the government organizations of another, in order to use the obtained data in political war.
5. SQL Injection:
A Structured Language Query targets databases. The perpetrator inserts malicious code into the database using an SQL Injection or what’s called a statement in the code. This form of cyberattacks normally uses vulnerable applications, mostly data-driven ones, to inject the infecting code and obtain data from the applications’ database.
6. Man in the Middle Attack:
MITM attacks simply means intercepting data flowing between IT systems. This attacks acts as both the senders and receivers of data in the IT network, hence tricking the actual users into sending unencrypted data on the system. Here, the perpetrator intercepts such unencrypted data to store it, whether to use for a current or a later attack on the network, both leading to gaining unlawful finances.
7. Denial of Service Attack:
By infecting computers with malware, the attacker causes disruption to a service network. The malware sends many fake requests to the service network, hence hindering the real requests by users from reaching the server, and preventing the users from obtaining the desired service.
The most common form of DoS attacks are DDoS (Distributed Denial of Service) attacks. These attacker uses malware and IoT devices that do not have enough security protection, to send the flooding requests to the targeted network.
This is a form of malicious software, designed to infect IT systems to cause harm to the system or stored data. Malware is manifested in numerous forms, such as viruses, Trojans, spyware, worms and adware.
9. Social Engineering:
Social Engineering uses different methods of cybersecurity threats to manipulate the targeted users into giving out information about themselves, such as credit card information, passwords or social security number. The higher end of the perpetrator is always the same, using the acquired information to make unlawful gains.
This is when you unintentionally download a hidden file onto your computer that is actually a form of malware. The file setups a ransomware which encrypts the data on the device and prevents you from accessing it. If you wish to regain access, you must pay a ransom, usually in the form of Bitcoin. In many cases, however, you won’t be able to recover the infected data even after payment of the ransom.
Most Cyber Security Breaches or Attacks are the result of two things. The First being the carelessness with which employees or individuals handle corporate data. Whether by handling corporate data through their personal devices or not using strong passwords.
Which brings the second reason; using weak passwords. When you’re setting up your account in any given website, for whichever service you’re demanding, you must always use a strong password as possible. If an attacker is able to crack your password, it’s only getting easier for him to steal your credit card and security information.
Cyber Security Facts
There are scary facts regarding the percentage of cyber security attacks and the number of people falling victims to these attacks. Here are some of these facts:
- The most common cybercrime form is called the Imposter Crime, where the perpetrator pretends to be someone else to illegally obtain finances from the victim. One in every five people report they lost money to Imposter cybercrime.
- An average of $358 and more than 21 hours are lost every year, dealing with cybercrime.
- An average of 600,000 Facebook accounts are hacked every day.
- One in three homes has at least one computer with malicious software, without the knowledge of its owner.
- The information of at least 47% American adults, has been exposed to cyber criminals.
- At least one online scam offer found its way to over 65% of Americans.
- Millennials represent a great portion of cybercrime victims, with a percentage amounting to 44% percent.
- The most important piece of information is passwords, statistics revealed that 31% of millennials have shared sensitive passwords, more than the number of any other age group.
- Cybersecurity awareness programs are essential in both schools and work places.
- A cyberattack takes places every 39 seconds, which is astounding. The fact that users assign weak passwords and security information, makes the occurrence of attacks more frequent. This is according to a Clark Study that the University of Maryland conducted. The study also stated that these frequent attacks affect one in three Americans.
- An average of 80 data records are compromised every second, this means 7 million data records are compromised in a day. Yearly, this amounts to 2.55 billion data records.
- Due to the amount of personal information required and stored by three main sectors; government, technology and retail, are the most affected sectors by cyberattacks.
- Small businesses are the most targeted with cyberattacks, with a percentage of 43%, without no specific reason. Of these attacks, phishing and social engineering represent 62%, malicious code and botnets are 59%, while 51% represent denial of service attacks.
- Ninety-four percent of malware attacks are likely to take place through e-mail. Verizon cited in its Data Breach Investigations Report, back in 2019, the reason is because e-mails have become essential in every day communications and dealings.
- To deal with a single data breach, some companies spend $3.9. This sum rises up to a staggering $116 for a public company, because the cost isn’t only financial, but also to the company’s reputation.
- By 2024, the ecommerce industry is expected to annually lose $25 billion, as a result of online payment fraud.
- Hackers look for the weak link, and since that’s almost never in the IT Department, they lurk around and look for weak passwords used by employees, or those who don’t take follow security measures or take precautions. The weak link is responsible for 95% of the cybersecurity attack on businesses.
- With more people working from home, due to the Covid-19 pandemic, more personal computers are being used to access work files, even sensitive information. This, created a fertile environment for hackers to attack. The FBI reported a 300% increase in cybercrime since the start of the pandemic.
- As if a pandemic was not enough, there have been increased attacks on medical records, starting from 2020. For example, a total of 9.7 million medical records were compromised due to hacking and IT incidents.
- In 2021, an estimation of $6 trillion was to be spent on cybersecurity, with companies, institutions and organizations scrambling the take the necessary measures to deal with these increasing threats.
- By 2025, the amount of IoT (Internet of Things) devices connected to the cyber space, will rise to be 75 billion devices.
- An unbelievable amount of cybersecurity jobs remains unfilled, despite the increasing global demand. More than 4 million cybersecurity specialist jobs are available globally!
- Despite having an IT Department, more than 77% businesses don’t have a cybersecurity attack protocol or a response tactic. This reflects in the amount of attacks such businesses suffer from, with 54% of them reporting at least one attack.
- Can you believe that even big companies can take up to 6 months to detect an ongoing security or data breach? That data of companies like Facebook, Capital One and Equifax are just mere examples. By the time you get a notification, your credit card, passwords and your social security information, may have already been leaked. A study by Ponemon and IBM stated the average time required to identify a threat was 206 days, and 73 days to contain the breach.
- Cyber breaches of a company’s data result in massive financial losses, with the price of stocks of many companies falling by 7.27% after a breach. The lowest point is mostly visible after 14 market days after the breach taking place.
- The most common form of cyberattacks is Phishing. Spotting malicious e-mails, text messages, websites and links, is a trait that must be learned and developed. Hence, the best form of fending off this form of attack, is by awareness.
- The most effective way of counteracting cyberattacks is by creating awareness, through programs and courses and effective counter measures.
Cyber Security Breaches
As the FBI stated that before, the rise in cybercrime since the Covid-19 pandemic started, jumped over 300%. Unfortunately, this percentage is only expected to rise. With the increase of our dependency on technology moving forward, it’s bound that we’ll leave a window or a small door open, unintentionally.
This is according to Equifax CISO (Chief Information Security Officer) Jamil Farshchi. He revealed in an interview with Forbes, that the number of security breaches and ransomware attacks in 2021 has hit a record high. Farshchi said that the loss of people’s trust in data and technology will stand in the way of development and innovation.
“If we [CISOs] don’t do our jobs well … if the cyber crisis isn’t reigned in, it’s going to hurt our ability to innovate … those roadblocks and hurdles impact our ability to be successful and leverage the latest technologies”
In a list, Farshchi compiled what he believed to be the most serious cybersecurity threats for 2022 and the ongoing future. These are the threats he listed:
1. Quantum Security:
Farshchi believes that the Quantum Leap is upon us, it’s not as far away from us as we like to think. All the data being collected today, although it might be encrypted today, quantum technology will be able to decrypt this data.
The fact that data is being collected at an unprecedented pace, means only one thing, that quantum technology is closer than we thought. Governments will need to be prepared to take the necessary measures to protect their data using quantum-proof security. Unfortunately, Farshchi stated these measures will not be published until 2024.
2. Director’s Dilemma:
Who must be blamed for security breaches? In the event the perpetrator is caught, they can be tried and judged. However, that does not negate the responsibility of those working in the breached company.
Director boards and corporate boards are being watched closely when it comes to data breaches. This is the result of courts taking Breach of Duty Claims more seriously, in the past years. Two major companies, Equifax and Target have come under the knife due to these claims.
In 2017, Equifax announced a data breach in its security system, exposing information of about 143 million Americans, almost half the population. In light of this, the company’s former chief, Richard Smith, resigned from his position.
In 2013, the giant retailer Target, announced a cyber breach of the company’s data took place, exposing the credit card information of 41 million customers. It wasn’t until 2017, that the retailer paid a sum of $18.5 million in a legal settlement. This was the biggest sum ever paid compensating for a data breach.
3. Blind Trust:
This is regarding online supply chains. During the past years, we’ve become more dependent on electronic supply chains, which increased immensely with the Covid-19 pandemic, and is even expected to increase due to our increased reliance on technology.
We blindly trust the online vendors we deal with, which makes us more susceptible to share our payment information and storing in on our online accounts. This increased dependency makes the vendor population similar to a blind spot, and the means available to measure this danger is not yet up to date.
4. Identity Crisis:
This major security breach has two sides. On one hand, the consumers continue to take cybersecurity threats lightly, not aware of the danger they pose against their security. On the other hand, business don’t provide enough cybersecurity or protection for their customers. These two create the perfect environment for cybercrime to flourish.
5. Help Wanted:
The increase in cybersecurity attacks warrants the need for more cybersecurity experts. In this regard, the gap is widening between those who have expert help against cybersecurity threats, “the haves”, and those with not enough expert help or are understaffed in the face of these threats, “the have-nots”.
6. Cloud Incompatible:
Cloud Computing is when computers are connected to a server where data is stored, rather than storing information using the traditional means of external devices, local servers or personal computer. The “Cloud” allows access, sharing, processing and managing of the stored data.
Cloud storage has many benefits for businesses in particular, where all the data can be stored without the worry for lacking storage space, and having the information a click away, facilitates business dealings.
However, the codes and processes of cloud storage are not as complex as one might think. Entities then have to counterweight the benefits they get from cloud computing and the risks they might be up against.
7. Breach Bonanza:
The amount of profit attackers gain through ransomware reached 98%. This is aggravated through what is known as Blockchain Technology, which made cyber breaches a gold mine for attackers to generate profit. Eventually, the entry of new attack agents or malware into the cyberattack threats, is inevitable.
8. Limited Coverage:
Organizations are bound to take the necessary measures to protect the data of its clients. In case of a cybersecurity breach and a legal claim against the organization, a defined sum is paid by the organizations insurance company.
The insurance market itself is developing with the development of technology. Hence, companies and businesses have to keep up with the latest cyber security methods to make sure the data stored in their servers is secured.
Either companies keep up, or risk losing insurance coverage altogether.
Despite the speed with which cyber security attacks are moving, legislative bodies around the world cannot keep up. Even though, cybersecurity legislation has evolved in the past years, it’s not evolving fast enough to keep up with the evolution in the cyber-verse. What’s more troubling is that many cyberattacks take place across borders, and the international legislation is miles behind.
10. Winging It:
Dealing with frequent cybersecurity breaches with success is a great feature of any given business. However, frequent attacks will eventually lead to a major breach that cannot be contained and the news will come out.
It’s imperative that not only the IT team knows how to deal with a cybersecurity breach, but also the entire company team knows what to do in the event of a cyberattack. In the case, the cyberattack made it to the news, there must be a coherent managing plan with which the business deals with the media coverage.
Cyber Security Hacking
This is the process of a perpetrator exploring the different methods through which he can breach the defenses of a security system or network. The motivation for hacking can be one of many things, profit, gathering information, protest, political motivation, even the evaluation of the hacked system in order to help in the assessment of system weaknesses and the possible countermeasures.
There are many cybersecurity hackers whose names will go down in history, some might have committed security breaches but others helped expose flaws in security networks. Some of these are:
1. Andrew Auernheimer:
He is known as a grey hat hacker and owned a security firm called Goatse Security. Andre’s firm exposed a flaw in the security of AT&T’s iPad. As a consequence, he was sentenced to 3 years in prison.
2. Ed Cummings:
Is the author of 2600: The Hacker Quarterly, and his trial was unprecedented since he was denied both, a speedy trial and bail. Cummings was arrested and tried on the basis of possessing technology that could be used to carry out malicious attacks.
3. Guccifer 2.0:
He claimed he was able to hack into the central computer of the Democratic National Committee, the governing body of the US Democratic Party.
4. Joanna Rutkowska:
Is a security researcher from Poland and she developed the Blue Pill rootkit and an operating system called Qubes OS.
5. Kimberley Vanvaeck:
The Belgian hacker is widely known by her code name Gigabyte, she is known as the first one to write the first virus in C#.
Cyber Security Trends
The integration of technology into our lives is only moving forward in the years to come. We’ll see the latest technological advances in everything, from the simple tasks to the most advanced machinery in factories. Parallel to this advancement is the rise of cyber security risks, where attackers find more gaps to exploit.
Here are the latest cyber security trends to watch out for from 2022, moving forward:
1. Cloud Services are the new target:
More businesses have been depending on cloud services to store, handle and back data up, the Covid-19 pandemic increased this dependency with more people working from home and need reliable services to process data.
Cloud services might offer businesses a wide range of benefits, most importantly cost saving, this didn’t come risk-free. Several businesses didn’t pay much attention into configuring the cloud services and servers they depend on, therefore, creating more opportunities for data breaches, account hijacking and unauthorized access.
Some of the risks facing businesses when it comes to cloud services include regular update of security measures, cloud migration, providing enough experience for IT teams to handle cloud problems, creating more entry points for attackers, user error including weak passwords, unauthorized access, unsecured network and misuse of personal devices.
2. More IoT means more attacks:
By 2026, it’s estimated there will be 64 billion IoT devices connected to the internet. The Internet of Things refers to all electronic devices, other than computers, servers and mobile phones that connect to the internet and share data about their users, such as smart watches, smart fridges, even voice assistants like Amazon and Alexa.
Servers and computers have several security checks and measures, hence have the ability to better fend off cyberattacks and stop them. The storage and processing capabilities of IoT devices are much less than those of computers and servers, making them less capable of operating antiviruses firewalls and cybersecurity applications, so they provide more entry points for hackers to exploit.
Following the Covid-19 pandemic, there’s been a surge in using IoT devices, specially that these devices help connect the virtual and physical worlds. The most common users are subjected to include Denial of Service (DoS) attacks, even the hijacking of the devices.
The latest addition to the IoT security trend is the continuous improvement on the 5G network. This technology is not yet fully developed and well-structured, every step taken in this development produces presents loopholes that can be exploited and more risks for businesses to deal with.
3. Mobile cyber security is coming:
Using mobile phones in every aspect of life has only been increasing through the past years, with mobile and internet banking, cloud services and working from home since the Covid-19 pandemic, being some of the latest watch points. Threats to mobile phones and tablets include designed spyware for messaging applications, the vulnerabilities within Android devices, mobile malware from Distributed Denial of Service (DDoS) and SMS spam.
There isn’t only a single way to protect mobile devices from attacks on the public networks to which they’re connected in the future, rather it’s a process of making it harder for attackers to access these devices. This can be done through enhancing mobile security as well as benefiting from security solutions based on hardware, to protect sensitive data.
4. AI and Machine Learning:
Most think of Artificial Intelligence as a new means of bringing in more cybersecurity risks. However, AI has been very effective in recognizing, detecting and reporting cyberattacks. Through machine learning, businesses were able to use features such as face recognition, data processing and automated detection of threats to improve their security and lessen their costs.
Due to the speed with which AI and machine systems can analyze massive amounts of risk data and manipulate algorithms, they can predict possible harmful attacks and respond to them. The data used in machine learning must be comprehensive including every possible scenario.
On the other hand, attackers are also using AI and machine learning to automate their attacks, develop malware in order to get pass the latest security protocols, data poisoning and techniques of model-stealing.
5. Targeted Ransomware:
Ransomware is one of the ever-growing forms of cybercrime, it’s been around for over 20 years and has grown into more than 120 forms, as attackers become more skilled at hiding malicious code. The reason behind this might be because ransomware is one of the easiest ways for attackers to gain funds. Hasty digitalization of businesses, coupled with working from home, have poised new targets for attacks.
Ransomware attacks don’t only affect the reputation of businesses, through the threat of releasing the data stolen and encrypted by the attacker to the public, but also affect the business’ financial status by paying the required ransom to have their data returned.
Targeted ransomware is hazardous to the healthcare system in particular, where lives are at stake. One incident in 2020 involved the hacker locking a hospital in Germany out of its system, leaving it unable to treat incoming patients. A patient in need of urgent care was transferred to another hospital, but did not survive. Another incident is the infamous Wanna Cry Attack back in 2017, corrupting over 70,000 devices in hospitals of the National Health Service in the UK.
6. Targeted Phishing and Social Engineering attacks:
Phishing attacks are more pervasive than ever before, since they’ve become more personalized and professional-looking emails and URLs. Employees working from home have become a new target for phishing when they connect to their employer’s network from home. A new target for phishing attempts is the executive leadership.
An important and progressing phishing element is SMS phishing or “smishing”, which is developing with the rapid use of messaging applications such as WhatsApp, Skype, WeChat, which attackers use to trick users to download malware.
Voice phishing or “vishing” was used before in a famous Twitter hack back in 2020. Hackers posed as IT staff members and called customer service representatives and tricked them to gain access to a vital internal tool. Vishing targets companies, financial institutions and even large corporations.
A recent form of phishing is SIM card jacking. This is where the attacker calls the mobile service operator where he tries to convince them that his SIM card was hacked, hence transferring the supposedly hacked phone number to another card. If the attacker succeeds in this hack, he then gets access to the victim’s phone data.
Despite the increasing security measures taken by companies and businesses, attackers are also developing their phishing means, with more personalized, targeted and geo-targeted phishing attempts, different ways of attack depending on the victim’s location.
7. More attacks on the Healthcare Sector:
Due to the sensitivity of both the data stored through healthcare systems and the entire healthcare system as a whole, hospitals and health organizations allocated more resources to invest in cybersecurity. GlobeNewsWire estimated back in 2020, that by 2027, healthcare cybersecurity market will amount to $33.65 billion.
The Covid-19 pandemic poised new risks for healthcare cybersecurity, as security protocols needed to be eased down to allow hospital staff to access medical records from their home. Telehealth services also evolved greatly after the pandemic and many temporary medical facilities were set up as well. Regular and more sophisticated security protocols weren’t followed in the previous two cases, to allow the ease of access.
IoT and data breaches remain the top cybersecurity risks for the healthcare systems moving forward. Medical records and sensitive information about individuals, employees, businesses and patients, remain one of the main targets for cybercriminals. A law firm in the US, BakerHostetler, stated in a survey that the US hospitals and healthcare system account for a quarter of cybersecurity attacks in the country.
8. More risk to working from home:
It’s true that working from home became the latest way to adapt the workplace after the Covid-19 pandemic. However, cyber security specialists estimate that a great portion of people will remain working from home, even after the pandemic ends.
Working from home provided a great opportunity for attackers to exploit the less secured home networks, for their illicit purposes. The continuation of this working method will put both company data and personal data at further risk. While company office has routers, firewalls and their cybersecurity is run by an IT team, home offices don’t have such defenses.
The risk factors in home offices include employees using their personal devices for two-factor authentication, having applications on their mobile phones designed to communicate with clients and colleagues such as Zoom and Microsoft Teams. In the heat of trying to adapt to the new work situation, some of the typical security measures were set aside.
Moving forward, businesses need to identify the vulnerabilities found in the distributed workforces. They need to improve their security systems, adopt more security measures, as well better ways to monitor and document the work of the employees working from home.
9. Human Error and Insider Threats:
A study by Verizon estimated that human error was responsible for 34% of cybersecurity data breaches, whether directly or not. This means that organizations need to exert more effort in increasing the awareness of their employees to avoid both intentional and unintentional errors that can cause organizations to lose millions of their data.
10. Politically-motivated cyberattacks:
The struggle for dominance will not stop anytime soon as both eastern and western powers brawl. The attacks are not that much, but they are enough to affect elections in different countries. In 2022, the expectations of data breaches of political and industrial secrets is high.
11. Automotive Hacking:
Automated software in modern vehicles provides smooth rides, door locks, engine control and many more advantages. However, the rise in this field means increased use of WiFi and Bluetooth connections, making the system more vulnerable to hacking. Some of the dangers expected to increase are hacking to take control of the vehicle or even using the car’s microphone to eavesdrop.
Self-driving and autonomous vehicles, on the other hand, use a much complicated cybersecurity mechanism with strict measures.
12. Unaware Users:
In a report, Infosec stated that 97% of people around the world cannot identify a phishing email, and 1 person in 25 people in fact open those emails and fall victims to cyberattacks. On the other side, attackers have developed their methods of phishing and malware attacks, increasing the difficulty of discovering them.
This prompted many organizations to work on tightening their security measures, not only through implementing stricter security measures, but also through increasing the awareness of their employees as well as the IT team. Cyber Observer stated in 2020, that stopping around 80% of cybersecurity attacks can be achieved through the practice of cyber hygiene.
There are two major steps in this regard, that companies have started to take. The first is putting policies controlling how their employees share corporate data. The second step is providing a combination of web-based and classroom-based cybersecurity classes for their IT team and employees.
13. Compliance with GDPR:
GDPR is the General Data Protection Regulation, enforced by the countries of the European Union in the field of protecting data privacy. In this regard, the regulation is not only applicable to companies and businesses in the EU, but to any company or business offering services to the citizens of the EU, regardless of the company’s location.
The GDPR is a uniform set of rules and regulations that are enforced in all European nations, allowing consistent protection of data across these nations. The unity of these data protection regulations also saved each nation the trouble of writing their data protection regulations.
Companies offering services to EU are gradually changing their policies to achieve GDPR compliance. Since 2019, it was estimated only 28% of companies were able to achieve compliance, which was far from the 78% desired percentage that were hoped to be reached by 2018.
14. Threats to Student data:
Surprisingly, student data is the main affected element of higher education when it comes to cybersecurity. The rise in online and remote learning especially after the start of Covid-19, put cybersecurity among the top interests of higher education. This is mainly due to cyberattacks targeting student admission data of three private universities, according to the Inside Higher Ed. report of 2019.
The 2018 Education Cybersecurity Report by Security Scorecard stated that the education sector comes in the last position of 17 industries in the US, when it comes to cybersecurity. This is despite that 11% of cyberattacks on higher education in the country involve espionage, and the higher education sector is not exerting enough effort to secure its networks and applications.
15. Increased attacks on the financial sector:
Cyberattacks on the financial sector have been on the rise in the past years, becoming more persistent with cloud migration and the many security regulations that cloud migration entails. The most common of cyberattacks on this sector is phishing, though it expanded from email phishing to phishing through social media and text messages.
The Boston Consulting Group released a report where they stated that malware and data breaches are two other forms of cyberattacks targeting the financial sector. The report also said that in comparison to businesses in other industries, firms offering financial services are 300 times more prone to cyberattacks.
Another report by Infosecurity Magazine, revealed that in the duration of three months in 2020, from the beginning of February to the end of April, cyberattacks on the financial sector increased by 238%, since the start of the Covid-19 pandemic.
16. Multi-factor authentication:
Multi-factor Authentication or MFA is the safest way to safeguard your personal and financial data. However, attackers are constantly coming up with methods to bypass MFA, in particular authentication done through SMS or phone calls. This motivated Microsoft to advice users to refrain from using SMS authentication and resort to application-based authenticators and security keys.
The main security threat when it comes to SMS authentication is that the messages are not encrypted, rather sent in simple text. This method of authentication is widely used by online banking systems, which poses a great risk, where attackers can perform a man-in-the-middle automated attack, intercept the message and gain access to the victim’s financial data.
Automated man-in-the-middle attacks are one of the reasons why banking systems and other organizations heading towards other means of authentication, such as app-based MFA like Google Authenticator and Authy.
17. Data is always the main target:
Cyberattacks might have a variety of targets, but data will always be the prime target and both people and organizations are becoming more aware of this. Data can be hijacked through a small bug in your browser. A cyberattack on several organizations can cause millions of personal data records.
Data protection regulations are issued to ensure the compliance of companies and organizations with data security measures. These regulations are like the GDPR or the General Data Protection Regulation, protecting EU citizens, and the CCPA or the California Consumer Privacy Acts, protecting citizens in California.
Organizations are also working on the recruitment of cybersecurity officials, using MFA, data encryption in both, transit and at rest, regular assessments to work on improvement sections, network segmentation and role-based access control.
Computer Security Costs
Money spent on cybersecurity was expected to slightly rise in 2022. The expected percentage in 2021 was 41%, while in 2022 it’s expected to reach 44%. Most cybersecurity budgets are expected to increase as well, with a few only expecting a decrease in their budgets, according to the 2021 Security Priorities Study by CSO.
The 2022 Global Digital Trust Insights report by PwC, revealed that 69% of organizations are expecting an increase in their cybersecurity spending over the current year. The spending on information security and risk management is expected to reach $172 billion in 2022, which was $155 billion in 2021 and $137 billion in 2020.
Joe Nocera, the PwC Cyber and Privacy Innovation Institute stated that although businesses keep saying they’d pay whatever amount of money it takes to not fall victims to cybersecurity breaches hence having their names all over the news. But at the same time, the same businesses they aren’t willing to spend more than deemed necessary. They want to make sure they’re getting what they’re paying for.
What’s driving Computer Security costs?
According to the CISO of EPAM Systems, Sam Rehman, there are three factors. First, there’s the increased interest from corporate boards regarding the cybersecurity program of the company, since the liability might fall on them in the end, like in Director’s Dilemma, mentioned in Jamil Farshchi’s list for top cybersecurity threats for 2022.
The second reason is the increase in cybersecurity threats, since it’s expected there will be a 50% increase in cyberattacks in 2022, in comparison to 2021. The third reason is how easily obtained data through security breaches can be monetized, which causes enterprises millions of dollars.
Corporate boards know they can’t expect 100% protection from cybersecurity attacks. However, they know that an excellent defense system buys time to detect the breach, and implement the countermeasures agreed upon. This also highlights the importance of an organized plan to follow when a cybersecurity attack is detected.
UK Security Industry Statistics
Cybercrime in the UK is evolving as it is in different parts of the world. Through the past two years, there have been increasing ransomware attacks, online fraud and data breaches impacting both individuals and businesses in the country. The government launched the National Cyber Force (NCF) to better combat cybercrime.
Here’s a compilation of the latest cyberattacks targeting the UK:
1. There were successful cyberattacks on 86% of UK organizations in 2020/2021:
The Cyberthreat Defense Report of 2021 by CyberEdge, revealed that a percentage of 82.3 of the UK organizations suffered from attacks in the year before the study. However, the report also revealed that there were worst hit countries than the UK, with Columbia coming in first with 93.9%, China and Germany each with 91.5% of organizations dealing with attacks.
2. Seventy-one percent of UK organizations suffered from ransomware attacks over the period of 12 months:
The CyberEdge report uncovered that more than half of the organizations in the UK suffered from ransomware attacks. This puts the UK with Australia, Brazil, Japan and Turkey. Columbia remains the worst hit by 93.9% of its companies suffering from ransomware attacks in the 12 months before the study.
3. Security spending in UK IT budgets is 11.2%:
The lowest global IT spending belongs to Japanese companies with 10.6%, while the highest belongs to Mexican companies with 15.9%. Companies in the UK had the third lowest IT budget spending with 11.2%.
4. In 2021, security budgets remained at 13%:
While it was expected for security budgets to increase in 2021, CyberEdge revealed that for the first time, that while the budget increased by 5% in 2020, it remained at its current level of 13% in 2021.
5. A percentage of 79 British companies preferred technologies involving AI and machine learning:
Compared to 82% the year before, CyberEdge’s report said that security products involving AI and machine learning remain dominant of the UK cyber technology market. While Saudi Arabia came in first on the list with 98%, the UK came in the bottom four countries with Germany taking the last spot with 71.6%.
6. British organizations were able to stop 39% ransomware attacks before the data was encrypted:
The Ransomware Report of 2021 by Sophos State, revealed that this 39% was just above the global average of 24%, while Turkish businesses were able to block 51% of attacks, the Spanish ones blocked 44% of attacks.
7. Of the successful attacks, 13% of the British organizations paid the ransom:
Thirteen percent of the organizations ended up paying the ransom demanded by the attackers. This percentage was below the global average of 26%, with India coming in first with 66% of companies paying the demanded ransoms, 50% for Sweden and 32% for the Philippines.
8. Ransomware attacks in the UK cost an average $1.96 million:
Despite the portion of UK companies paid the required ransom was below the global average, ransomware attacks were still costly to fix. The previous average was more than $800,000, which increased to $1.96 as reported by Sophos, putting the UK in the top 8 countries on the list. Austria with an average of $7.75 million and Belgium with an average of $4.75 topped the list.
9. Eighty-eight UK companies are cyber-insured:
The number of companies incorporating cyber security insurance into their company policies, with more than 70% of these companies having ransomware protection. This high percentage puts the UK in the highest 8th place on the list.
10. The UK is responsible for 1% of spam:
A study by Kaspersky traces how much spam different regions around the world are responsible for. While the highest came from Russia with 21.27%, Germany with 10.97%, the US with 10.47%, the UK was responsible for 1.04% of world spam.
11. In 2020, 9.75% of British people attempted to open phishing links:
This was another part of the Kaspersky study, that revealed the worst numbers came from Brazil with 19.94% of attempts, France had 17.9% of attempts, Cameroon had 17.32% of attempts and Australia had 16.59% of attempts.
12. A percentage of 1.2 scam websites have a domain ending in .co.uk:
The same study by Kaspersky revealed that while most of scam websites have a domain ending in .com, these only represented a quarter of scam websites. Other popular domain extensions included .ru with 2.12%, .com.br with 1.31% and .de with 1.23%. The UK’s percentage of 1.2 of .co.uk, puts it in the 5th place.
13. Since December 2020, a total of 2,300 Covid-19 malicious files were detected in the UK:
After the pandemic, McAfee began to track malicious file detections that were related to Covid-19. The US had a staggering number of around 200 million file detections, while the UK had a total of 2,300 file detections from the end of December 2020 to the end of January 2022.
14. The UK ranks 8th in the top countries for cybersecurity around the world:
In a study by Comparitech, involving 75 countries from around the world, the UK earned the 8th place when it came to cyber health. The study analyzed how frequent people from each region suffer from cyberattacks and how many attacks each region is responsible for. The other European countries preceding the UK on the list included Denmark in first place, then Sweden, Ireland, Norway in the following places. With Finland, the Netherlands and Austria coming in 5th, 6th and 7th positions.
15. More than £44 million GDPR fines were issued in the UK since 2018:
Work in accordance with the General Data Protection Regulation in the UK, started in 2018. According to the Data Breach Report by DLA Piper in 2021, since the beginning of implementing the regulation, fines with a total worth of £44,221,000 were issued. The number might seem high, but in Germany, Italy and France more fines were issued.
The report also reveals that the fines made public in the UK were only 7 GDPR fines, while Spain issued more than 200 fines. The largest three single fines were issued in Ireland, the Netherlands and France, followed by Germany and Italy. A single fine of more than two and a half million euros was handed to the Dutch Minister of Finance, while WhatsApp got a fine of €225 million.
16. In the UK, a single data breach in 2020 cost an average of $4 million:
The IBM released a report of the Cost of a Data Breach in 2020, which included in addition to companies’ response time, the costs incurred by the companies for each breach. UK companies had the average cost of $3.9 million per breach, recording an increase by 4.3% from 2019 and slightly exceeding the global average of $3.86 million. The US had an average of $8.64 million, the Middle East had an average of $6.52 million and Canada had an average of $4.5 million.
17. Fifty-three percent of the breaches in the UK were malicious:
IBM listed the causes of security breaches in the UK, malicious attacks had the majority with 53%, followed by human error at 25% and system glitches at 23%. The highest region with malicious attacks was the Middle East with 59% and the lowest was achieved in Canada by 42%.
18. It takes an average of 181 days for UK organizations to identify a breach:
The time it takes a company to identify a breach has occurred and then the time it takes in handling the breach are two major factors determining the effectiveness of the cybersecurity system. In the UK, it took companies an average of 181 to detect a breach and 75 days more to contain the breach. The total days of 256 of the UK puts it in the 5th place of the fastest countries to respond to cybersecurity breaches. The fastest four were Germany, Canada, South Africa and the US.
19. The UK was in the list of the top ten countries most affected by stalkerware:
Stalkerware is a software used for cyberstalking, more commonly known as spyware. In 2021, Kaspersky released its report of State of Stalkerware, after examining how often this type of cyberattack took place in different regions in the world. The UK had 1,009 incidents, making it the third highest in Europe, after Germany with 1,547, and Italy with 1,144.
20. In 2020, there were more cyber security companies by 21%:
Atlas VPN conducted a study found that the number of cyber security companies in the UK grew from 846 in 2017, to 1,483 companies in 2020, meaning the growth rate of the industry was 85% in the past three years.
Of the total number of countries there were 840 micro-sized, with less than 10 employees, small firms were 327 with 10 to 49 employees, medium-sized firms were 172 with 50 to 249 employees, while large companies with more than 250 employees were 144.
21. There are about 50,000 personnel working in the cyber security industry in the UK:
Ipsos MORI released a report stating that a total of 46,683 people are working in cybersecurity related roles in the UK, which equals a 9% increase from 2019. A percentage of 65 of this total, work for large-scale companies, which have 250 employees and more.
22. The revenue of the cyber security industry in the UK is nearly £9 billion:
The Ipsos MORI report also stated that the total revenue of the cyber security industry in the UK reached £8.9 billion in 2020, representing an increase of 7% from 2019, which stood at £8.3 billion.
23. A cyber security job in the UK has the average salary of £62,500:
According to CW Jobs, the average salary of a cybersecurity job in the UK is £62,500, based on a sample of 531 jobs. It also tells us that the average salary changes depending on locations. Whereas Manchester has an average of £47,500 with a range between £42,500 and £52,500. Bracknell on the other hand, has an average of £82,500 and a range between £77,500 and £87,500.
24. In 2021, the reports of cybercrime and fraud in the UK amounted to 400,000 reports:
According to the dashboard of NFIB Fraud and Cybercrime, there was a total of 445,357 cybercrime reports in 2021, with more than 380,000 reports from individuals and more than 60,000 from businesses.
25. According to the NFIB, cybercrime and fraud cost organizations and businesses in the UK, a total of £2.4 billion in 2021.
26. A great number of the cybercrime reports in 2021, came from online shopping and auctions:
One of the reports of the NFIB, stated that in 2021, about 86,000 reports were regarding online shopping and auctions, in comparison to the 80,500 reports from 2020. Despite this huge number, the majority of incurred losses were regarding reports about cheques, online bank accounts and plastic cards.
27. Cybercrime in the UK usually targeted those between the ages 20 to 39:
It seemed, that with age, there’s less risk of falling a victim to cybercrime. However, according to the NFIB, there are many factors affecting this statistic, such as the more frequent usage of the younger generations of new advanced technology. Another factor is the readiness to report a cybercrime.
28. In 2021, reports of social media and email hacking amounted to about 14,000 reports:
Apart from fraud, social media and email hacking had the top positions for the most viral cybercrime attacks in the UK in 2021. The total reported cases were 13,522, resulting in almost double the figure of 2020, with a total of £7.8 million in damages.
IoT Security Statistics
The Internet of Things technology was once a new technology that many thought of lightly. Today, businesses compete in integrating more IoT devices into their infrastructure, as a new means of collecting and managing data. The reliance of ordinary people on this new technology has increased significantly as well.
The cybersecurity risk in IoT technology comes from the connection of the IoT operated devices to a bigger network. This network must be properly secured to safeguard the amount of data stored and managed through it. Otherwise, significant damage can occur if a breach takes place and data is stolen.
In this regard, here are the latest IoT Security Statistics for 2022:
- There were more than 10 billion IoT devices connected in 2021.
- By 2025, the number of IoT devices connecting to the internet every minute, will be a whopping 152,200 device.
- By 2030, the number of IoT devices connected will jump to more than 25.4 billion devices.
- The revenue generated by the usage of IoT technology is estimated to be between $4 to $11 trillion by 2025.
- IoT technology helped 83% businesses and organizations in improving their efficiency.
- In the period between 2019 and 2025, global spending on IoT technology will reach a staggering $15 trillion.
- By 2026, the consumer IoT market spending will increase to $142 billion.
- Despite the risk it involves, all retailers agree that the benefits reaped from the IoT technology outweigh the risk.
- By 2025, the amount of data collected by IoT devices will reach 73.1 ZB (One Zettabyte equals one trillion Gigabytes).
- Even though hardware value amounts to 30% of the total value of IoT technology, this percentage is expected to decrease with the invention of new software that allows connection between IoT devices.
- Since 2019, more than 127 devices connect to the internet every second, for the first time.
- Statistics on the current IoT devices indicate that by 2023, the number of cellular IoT connected devices will reach 2.2 billion. It’s also expected that the North East Asian market will dominate this statistic.
- Due to increased growth in the manufacturing process in the United States and the increase of smart machinery, the worth of smart factories is expected to reach $500 billion in 2022.
- By 2025, the investments by many sectors in IoT technology is expected to reach $15 trillion. Sectors such as healthcare providers, clothing manufacturers and municipalities are some of the sectors leading this statistic.
- The use of IoT technology in the healthcare system is still new, however, this use is increasing greatly. In 2019, about 86% of healthcare organizations used IoT technology.
- Statistics regarding the healthcare IoT devices estimate that the size of the IoT healthcare market will reach $158.1 billion in 2022 and $534.3 billion by 2025.
- Back in 2018, Apple launched a new IoT device called “Movement Disorder API” that allowed Apple Watches to monitor symptoms of Parkinson’s disease.
- Many medical imaging devices used Windows 7, and the discontinuation of this version of the operating system, led to 83% of these devices currently use unsupported OS and are easy targets for malware and cyberattacks.
- In 2016, patients were able, for the first time, monitor how fast their blood clots, through a Bluetooth and IoT device invented by Roche. This device was revolutionary because it enabled patients to self-test their blood and forward the result to their healthcare providers, hence aiding in the prevention and speedy reaction to strokes and bleeding.
- In the Threat Intelligence Report by NETSCOUT revealed that every IoT device gets connected to the internet, gets attacked only 5 minutes after it goes online.
- Most attacks aimed at IoT devices are actually aiming for the router to which the device is connected. Every router is estimated to get 5,200 attacks per month. The reasons for this being that many IoT devices don’t use a password, leading 17% of the IoT attacks. Some IoT devices are still using the original password, the most famous of all is 123456, the most famous back in 2018. Lastly, most IoT devices were 5 years old and more, meaning they didn’t have the recent security updates.
- A study carried out over 8 countries and involving 1,600 consumers, revealed that 92% of participants wanted to control what personal information is collected by companies. Lower numbers of participants feared they could lose their civil rights due to the data collected and others want companies violating consumer policy to be fined.
- In a Gemalto survey, a high percentage of 55% of companies believed that third parties who have access to their confidential data, should observe the IoT security regulations.
- A staggering 48% of companies stated they couldn’t detect security breaches in their network. Moreover, many companies failed to produce IoT devices with a built-in security software.
- Since there’s more IoT integration in the industrial field, the purpose of this increased integration differs from one country to another. Such as IoT projects related to smart cities are located in Europe, while in China this advanced technology is used to increase competitiveness.
- IoT can help industries in digitizing their operations and improve the efficiency of their work. More than 50% of manufacturers believe IoT technology is vital for the advancement of industrial operations.
- By the end of 2018, 57% of businesses adopted IoT in their work and by the end of 2021, that figure jumped to 94%.
- Statistics show that since 2018, nine in ten senior executives from industries related to technology, such as media, technology and telecommunications, have been saying that IoT technology has become to either some or all the lines of their business.
- One of the most successful sectors for IoT technology is the retail sector, with the beginning with barcode readers back in 2014. The size of IoT in retail is expected to be worth $94.44 billion by 2025.
- Developing countries will be responsible for more than 40% of the global value of the IoT market.
- Many studies suggest that the working force will be reshaped until we reach 2030. Increased automation will lead to many losing their jobs, specially physical laborers. On the other hand, those working in social networking and interactions, management and applied expertise, seem to have a better forecast.
- Samsung, LG, Huawei, Qualcomm and Sony are the top holders of patents when it comes to innovative IoT devices. Samsung has 820 patents registered to it, LG has 524 patents, Huawei has 490 patents, Qualcomm has 485 patents, while Sony has 479 patents.
- The vice president of IDC, Vernon Turner, says that by 2025, about 152,200 IoT devices will connect to the internet every minute, bringing the number of connected devices to 80 billion.
- Covid-19 caused a surge in the IoT market, with more people working from home and with raised awareness about sports and fitness. Another market that’s going to prosper is the smart clothing market, which is expected to reach $5.3 billion by the end of 2024.
- Despite the staggering statistics of how many IoT devices will be connected in a few years from now, at the present time, only 0.06% of the current devices are actually connected to the internet.
- At the end of 2021, statistics show that around 10 billion IoT devices were connected and the number will reach 75 billion by 2025. The problem with this huge number of devices is they are overwhelming when it comes to malware and security measures, making it more difficult to protect all these devices.
- By 2026, a statistic conducted by Market Research Engine states that the consumer IoT market will grow to reach $142 billion. In this regard, the North American market remains the biggest when it comes to consumer IoT devices, while the Asia-Pacific region represent a growing demand.
- In the US, it’s estimated that at least 21% of American adults wear either a smartwatch or a fitness tracker. This is one of the most common sights today, with more people accepting the idea of sharing their health data to help research about heart conditions and exercise.
KPMG Cyber Security Report 2018
In cooperation with Oracle, KPMG conducted a survey in 2018, involving 450 cybersecurity and IT professionals, about the threats of cloud services. Many businesses in different sectors have been racing to adopt cloud technology, specially the competitiveness advantage this service gives. On the other hand, the rapid adoption of cloud services, created more security challenges as cybersecurity agencies struggled to keep up.
Here are the report’s findings regarding the impacts and challenges of cloud adoption:
- The continuous use of cloud services stems from the confidence in the security measures put on public cloud environments. This ultimately resulted in many organizations storing their data using cloud services.
- Increased usage of cloud services widened the scope of security threats. The majority of threats include phishing, malware and even business email compromises.
- It’s not always easy to detect and report cybersecurity breaches in the cloud, even though it is the biggest concern for consumers.
- Even in the cloud, consumers have obligations to observe. However, the shared responsibility of both consumers and providers isn’t well interpreted to outline the responsibilities of each side. This in turn creates more gaps which hackers can use to breach the network.
- Cybersecurity attacks results in monetary gains for the attacker on one side, on the other side, it hinders the presentation of services to customers.
- Organizations have been focusing more on creating tools that would help in the security of cloud applications and infrastructure, with a new focus on people, technologies and processes.
- Technological advances can help in threat detection. Advances such as machine learning can help increase the efficacy of detecting and preventing threats. These advances will also increase the efficiency of the security of current cloud-enable workplaces.
This gap between the increase of cloud services in modern day businesses and the challenges it creates, is also caused by a paradox of businesses behavior as well. Businesses want to enjoy the best of the cloud services, but they do not always obtain the approval of IT teams and security officials to start using these services. This paradox creates a type of shadow IT that threatens the strategies of cybersecurity corporates.
Participants in the survey stated their knowledge that in order for organizations to close the gap between the increased usage of cloud services and the security measures required to secure such usage, organizations will need to increase spending on cybersecurity. Eight-nine percent of participants expect increase in cybersecurity spending, and 44% of them expected only a 7% rise in cybersecurity spending.
The future might be focusing on the improvement and development of the cloud-centric services, however, the old-school IT systems such as client-server designed applications, still serve and do critical functions for businesses.
The report concludes that a holistic approach is the best way to handle cybersecurity, combining the evolving cloud services with the tried and tested IT protocols to provide the most secure environment.
Latest Cyber Security Breaches
The Identity Theft Resource Center (ITRC) declared that the number of security breaches in 2022 will be historical, just in September 2021, security breaches were 1,291 data breaches, from 1,108 breaches of the same month in 2020, this is a 17% increase in attacks.
The top affected sectors were manufacturing and utilities, with a record of more than 48 million people affected. Followed by the healthcare system with more than 7 million victims, the financial services sector with 1.6 million victims, professional services with 1.5 million victims and the government sector with 1.4 million victims.
The ITRC cited the lack of transparency when it comes to disclosing security and data breaches from both organizations and governments, as a major concern. This attitude puts the cybersecurity of individuals at risk and creates new challenges in the field of cybersecurity.
Here are some of the notable Cyber Security Breaches:
Cognyte is a cybersecurity analytics firm, that stores information mainly through the cyber intelligence services it offers. This service warns customers of any third-party data breaches. Cybersecurity researcher Bob Diachenko, discovered what amounts to 5 billion records, supposedly stored by Cognyte, that were available for access on the internet, without any protection or passwords.
Not all the breached data contained only passwords, some included names, email addresses, passwords and data sources. After Diachenko informed Cognyte of the breach, the database was secured after three days.
The famous job-searching website comes in the second place with a leakage affecting 700 million LinkedIn users, representing almost 93% of the website’s users. The data was available online for sale, and included the samples of users’ profiles from 2020 and 2021, offered for sale.
Even though, login passwords and credentials weren’t in the breached data, enough information was leaked that could be used in identity theft and stealing the users’ identities. Information offered for sale included full names, phone numbers, email and actual addresses, LinkedIn usernames, profile links, social media accounts, personal backgrounds and professional experience.
LinkedIn disputed this data breach, especially after an earlier incident in April of the same year, stating that it wasn’t in fact a data breach, rather a threat actor collecting publicly available data. The investigation carried out by LinkedIn stated that the phone numbers, inferred salary, gender and physical addresses weren’t leaked from LinkedIn, rather from external sources.
A LinkedIn spokesperson stated to Fortune, the global media organization, that the renowned company works to put an end to any attempt by anyone who tries to take advantage of members’ data and use it for purposes that neither the company nor the users agreed upon.
Alon Gal, a security researcher, discovered a data leak in the world’s first social media website, Facebook, with information pertaining to the accounts of 533 million Facebook users. The users affected came from 106 countries, more than 32 million from the US, 11 million in the UK and 6 million users in India.
The way the leaked data was authenticated was through comparison of known phone numbers of the several Facebook users with the IDs stored in the data set. Another method used was by testing email addresses in the password reset feature, which is another way that could be used to reveal a user’s phone number.
During regular checks on IP addresses on some of the network ports, Safety Detectives discovered a network safety vulnerability on a transportation company in Karachi, Pakistan, called Bykea. The exposed data amounted to 200GB of data with more than 400 million data records. The data contained full names, people’s locations and personal information that could be easily used by hackers to obtain financial gains.
Despite the statement by Muneeb Maayr, Bykea’s CEO, that the cyberattack wasn’t out of the ordinary, since that the company was a mobility based firm. It’s worth noting that the company had suffered an earlier cyberattack, where the hacker deleted all of the company’s user data. Though, Safety Detectives stated it was unclear whether both attacks were linked.
5. Brazilian Database:
In January of 2021, PSafe discovered the largest data leak in the history of Brazil. The leak, reported afterwards by Technoblog included 223 million data sets. The data included names, facial images, phones numbers, addresses, emails, tax identifiers, salary and more. Even the personal data of millions of deceased was leaked, as well as 104 vehicle records.
The leaked data was offered on a Darknet forum, for free. The main suspect behind the breach was a credit-scoring bureau called Serasa Experian, the leading credit-scoring bureau in the country.
Anurag Sen and a team of Safety Detectives discovered a major data leak of the Chinese social media management company, that compromised more than 214 million users of social media, varying between Facebook, Instagram and LinkedIn. The database contained 318 million records, amounting to more than 408GB.
The data leaked contained full names, physical addresses, work, positions, contact information and even subscriber data. Due to the massive leak, it was difficult for the team of determine the actual size of the damage. The database had over 80 million Facebook users, with more than 55 million Facebook profiles deleted after the discovery of the leak, more than 66 million LinkedIn users and more than 11 million Instagram users.
Bob Diachenko discovered an elastic search database containing 200 million records of the adult cam site, Stripchat. The leaked database had information about 65 million user records with email addresses, when the accounts were created and even IP addresses. Another leaked database had 421,000 records of the models, their usernames and studio IDs.
Raychat is a leading business and messaging application in Iran, Diachenko discovered a vulnerability in the data system using public search tools. A Gizmodo report stated the data was stored on misconfigured MongoDB or a misconfigured database. Companies handling huge amounts of user data usually use this type of NoSQL database. The problem with such types of databases is they can leave all the data exposed, if they aren’t configured properly.
The data leaked contained 150 million user records, that was later deleted using a bot. According to Diachenko, attackers search the internet for similar databases like Mongo, since the database can be unprotected, making it an easy target for bot attacks. The attacker then wipes the database and leaves a mere ransom note.
9. Thailand Visitors:
While uncovering a security breach, Bob Diachenko stumbled upon his own private data online in August of 2021. The uncovered database contained information about more than 106 million people who visited Thailand. After Diachenko reported to the Thai authorities, they cooperated and were able to secure the data the next day.
The leaked data was ten years old and included personal information such as full names, passport numbers, visa type, arrival date, residency and arrival card number.
10. Android Users Data Leak:
Misconfigurations of cloud services of 23 Android applications, led to the leakage of the personal data of more 100 million users online. The applications had a range of downloads between 10,000 and 10 million and even contained the internal developer resources.
Researchers at Check Point discovered the leaked data contained personal information, such as names, birth dates, email addresses, locations, passwords, chat messages, photos, phone numbers, payment information and push notifications.
Check Point divided the 23 applications into two groups. One group including a dozen applications were downloaded over 10 million times on Google Play, and most of this group had no protection of the real-time database. The other group had misconfigured databases. Both groups putting user information at huge risk. This simply shows how the basic security measures are not available in many applications.
Top 11 Cyber Security Experts
There are many names in the cybersecurity world who made a name for themselves through years of expertise in the field. These are some of the top cybersecurity experts to follow for more on the latest cybersecurity news, analytics and insight.
1. Adam K. Levin:
With experience over 40 years as a consumer advocate, he is the author or the best-selling book of “Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves”. Adam is an expert when it comes to cybersecurity, fraud, identity theft, privacy and personal finance. He is the founder and chairman of CyberScout and he co-founded Credit.com.
2. Brian Krebs:
Brian began his career as a reporter for the Washington Post and writing over 1,300 blog posts for Security Fix. His computer security and cybercrime blogs won him several awards. He wrote the award-winning book “Spam Nation: The Inside Story of Organized Cybercrime – from Global Epidemic to Your Front Door”. Brian is currently an independent investigative reporter and is one of the most trusted voices in Cybersecurity.
3. Bruce Schneier:
This security technologist is a lecturer at Harvard Kennedy School and author of several books on application security, such as “Beyond Fear: Thinking Sensibly About Security in an Uncertain World”. Bruce works as an advisor to IBM Security, is a board member in several institutions such as EFF, the Tor Project and Access Now and is CTO at IBM Resilient.
4. Daniel Miessler:
You can catch Daniel’s insight and technological advice on the weekly podcast and newsletter of the Unsupervised Learning. He is the project leader of the IoT security project at OWASP.
5. Dmitri Alperovitch:
Dmitri co-founded and was the former CTO of CrowdStrike, he was the vice president of the threat research at McAfee in August 2011 as well as being a board member in more than half-dozen companies. He is a computer security executive and is the holder of more than 24 patents for his cybersecurity innovations.
One of Dimitri’s most notable works is the Operation Shady RAT, on suspected Chinese intervention in about 72 institutions, including businesses, the United Nations, defense contractor and even the International Olympic Committee.
6. Eugene Kaspersky:
Eugene is the chairman and CEO of Kaspersky Labs, a position which earned him worldwide recognition. Eugene’s journey began with cybersecurity when the Cascade virus infected his PC and he had to develop a program to remove the virus, during his work for the Ministry of Defense.
7. Eva Galperin:
Eva works at the Electronic Frontier Foundation (EFF) as the Director of Cybersecurity and at the Freedom of the Press Foundation as a technical advisor. She is most noted for her work in the protection of global privacy and free speech, malware research and nation-level spyware. Eva was chosen as one of the Most Creative People of 2019 in the list created by Fast Company Magazine.
8. Mikko Hyppönen:
Mikko has been working at F-Secure since 1991 and has become a global security expert. He wrote many articles on his work and research in the New York Times and Wired and Scientific American, in addition to appearing on international television. Mikko gave many lectures at renowned universities such as Oxford, Cambridge and Stanford.
PC World Magazine chose Mikko among its 50 most important people on the web list, and FP Global included him in its 100 Thinkers List.
9. Shira Rubinoff:
Shira is a pioneer in the woman-in-technology field, where she led several initiatives and efforts in the field. She also is responsible for building two product companies in the field of cybersecurity. Shira is a world renowned cybersecurity advisor, executive, global speaker and influencer.
She is the president of SecureMySocial; a social media security firm and Prime Tech Partners. As well as being a board member in institutions such as the Executive Women’s Forum for Information Security, Boards of Pace University Cybersecurity Program, Leading Women in Technology, and companies such as Mainframe, TrueConnect&Pypestream.
10. Steve Morgan:
Steve is a cybersecurity researcher, writer, journalist and publisher. He founded Cybersecurity Ventures and is the Editor-in-Chief at Cybercrime Magazine as well as being the Executive Producer of Cybercrime Radio. Steve compiles an annual report with the latest on cybercrime, backed up with statistical data.
11. Troy Hunt:
Troy is the founder of the “Have I Been Pwned” project. Through the project’s website, you can add your accounts to check if they’ve been breached or have security leaks. He travels the world as a renowned cybersecurity speaker, meeting with technology professionals to assist them in strengthening their security tactics.
Cybersecurity is a joined responsibility of everyone in the society, if we aim to enjoy the benefits of modern technology, we must also work hard to avoid falling victims to it. Remember, always use strong passwords, application-based authentication and make sure you always update the software of any applications or IoT devices you have.