This year saw publicly reported data breaches and cyber attack attempts soar, stretching cyber teams to their limit and increasing recovery-related costs to unsustainable levels. By the end of September 2021, the number of data breaches in the US had already succeeded the total number of events in 2020 by 17%, with reputational and financial damage rippling through organizations in all industries. The US was also the top country in the world for data breach costs in 2021, with an average cost of $9.05 million per breach.
High-profile data breaches
In 2021 many businesses were still reeling from the SolarWinds breach – or the Sunburst attack – that was discovered in December 2020. The campaign, believed to be a Russian espionage attempt, resulted in the compromise of over 100 companies, 20% of which were US government agencies, with the remaining 80% being private corporations in a variety of industries, including Cisco, Intel, Deloitte, and Microsoft.
The scale of the SolarWinds breach meant that the fallout was still being felt throughout the year, and the attack was seen by many as a wake-up call to how damaging supply chain attacks can be. The attackers responsible for the breach didn’t rest on their laurels in 2021: Nobelium has continued to target companies around the world for espionage, launching phishing attacks, infiltrating email accounts, and attacking resellers and cloud service providers in the hope of compromising the tech supply chain.
Other high-profile incidents in this past year include an attack on JBS Foods, one of the biggest meat processing companies in the world, which resulted in one of the largest ransomware payments of all time, the hack of Microsoft Exchange servers, and the theft of 700 million LinkedIn users’ data. But of all the cyber attacks in 2021, the ransomware attack on the Colonial Pipeline in late April had the most news coverage; As a key part of critical national infrastructure in the US, the attack disrupted gas supplies along the entire East Coast, causing chaos and mass panic until the ransom of $4.4 million was paid.
Attacks like these point to a variety of trends that have emerged, or worsened, in 2021. Here are some of the latest key cyber trends.
1. The remote working revolution.
The strict COVID-19 lockdowns of 2020 have inspired a change among the workforce, with 85% of managers believing remote work to be the new norm post-pandemic. The blurring of the lines between personal and professional life can increase the risk that sensitive information will fall into the wrong hands, particularly when home offices lack the firewalls, routers, and access management available in the office.
2. IoT adoption and the evolution of tech.
The expansion of the Internet of Things (IoT) in devices like smart watches, voice assistants, and sensors will continue to create more opportunities for cyber attacks as malicious actors find themselves with far more potential entry points. IoT devices also have fewer processing and storage capabilities, making them harder to safeguard.
3. Ransomware attacks are increasing.
The frequency of ransomware attacks has increased dramatically, with 93% more carried out in the first half of 2021 than the same period in 2020. Hackers are employing more sophisticated techniques to hold data hostage, often using machine learning and demanding payment through cryptocurrencies, making it harder to trace.
4. Data privacy frameworks are becoming more stringent.
Numerous data breaches, like those targeted at LinkedIn, Socialarks, and Twitch this year, have led to the exposure of millions of PII records. In the face of tightening and increasing regulations, organizations need to put more effort into their compliance efforts, focusing on multi-factor authentication, encryption, and access control.
5. The security skills gap is overwhelming security teams.
The cybersecurity skills gap continues to persist within most businesses, with security professionals claiming that heavier workloads, unfilled positions, and burnout are to blame for worsening the gap in cybersecurity skills.
The need for real-time visibility
One sign of progress during 2021 came through an Executive Order from the White House in May, which addressed the need for federal government agencies to generate guidelines, conduct evaluations, and implement improvements in their cybersecurity, as well as urging that the private sector follow suit. The only way for these organizations to prevent data loss and protect their customers, and therefore their reputation, is to have visibility of their data in real-time.
Our cyber threat intelligence solution, CleanINTERNET, delivers this visibility at scale. CleanINTERNET uses AI to identify new cyber threats as they develop, aggregating and analyzing over 3,000 global threat feeds to automatically shield 99% of known attacks in real-time. This removes the burden from your internal security team, saves you millions on separate threat feeds, and ultimately means you never need to choose between security for your customers and your own network performance.
Throughout 2021, we’ve focused on how our solution caters to over 15 different sectors, from Healthcare to Legal, Government, and Gambling. Check out all our sector-specific blogs here to see how your business can benefit from CleanINTERNET, no matter what your unique challenges are.