Cybersecurity in 2022 – A Fresh Look at Some Very Alarming Stats

 

Cybersecurity and Healthcare

Most hospitals and healthcare facilities have traditionally focused their budgets on acquiring new medical technologies and improving patient care. Covid19 put a huge burden on budgets and hackers have exploited cyber vulnerabilities, especially via ransomware. 

Healthcare Cybersecurity Report 2021-2022 Healthcare Cybersecurity Report 2021-2022 (herjavecgroup.com)

“70% of recently surveyed organizations reported that healthcare ransomware attacks have resulted in longer lengths of stays in hospital and delays in procedures and tests that have resulted in poor outcomes including an increase in patient mortality.”

Half of internet-connected devices in hospitals are vulnerable to hacks, report finds Half of internet-connected devices in hospitals are vulnerable to hacks, report finds - The Verge

“Over half of internet-connected devices used in hospitals have a vulnerability that could put patient safety, confidential data, or the usability of a device at risk, according to a new report from the healthcare cybersecurity company Cynerio.

The report analyzed data from over 10 million devices at over 300 hospitals and health care facilities globally, which the company collected through connectors attached to the devices as part of its security platform.”

 

Cybersecurity and IoT Devices:

With everything and anything connected, hackers can take advantage of many attack vectors and weak device passwords. The threat is growing as IoT expands.

Top 10 cyber security threats in 2021 List secondary lists page (cybermagazine.com)

According to Symantec, IoT devices experience an average 5,200 attacks per month. The fact that a majority of new IoT devices are still in their infancy means there is a much larger attack surface for cybercriminals to target the vulnerabilities associated with them.

For a deep dive on the IoT Cybersecurity conundrum, Please see my slide below and  FORBES article: Cybersecurity Threats: The Daunting Challenge of Securing the Internet Of Things: Cybersecurity Threats: The Daunting Challenge Of Securing The Internet Of Things (forbes.com)

 

Ransomware:

Although ransomware has been around for decades, in 2021 it became a preferred cyber-weapon of choice for hackers. Being able to exfiltrate and hold hostage data for payment of cryptocurrencies has made the deployment of ransomware a growing trend.

Ransomware Statistics, Trends and Facts for 2022 and Beyond Ransomware Statistics, Trends and Facts for 2022 and Beyond (cloudwards.net)

5 Key Ransomware Statistics:

1. Ransomware cost the world $20 billion in 2021. That number is expected to rise to $265 billion by 2031.
2. In 2021, 37 percent of all businesses and organizations were hit by ransomware.
3. Recovering from a ransomware attack cost businesses $1.85 million on average in 2021.
4. Out of all ransomware victims, 32 percent pay the ransom, but they only get 65 percent of their data back.
5. Only 57 percent of businesses are successful in recovering their data using a backup.

Please also see my recent FORBES article:

Ransomware on a Rampage; a New Wake-Up Call Ransomware on a Rampage; a New Wake-Up Call (forbes.com)

“The sobering reality is that ransomware is on a rampage. Ransomware will continue to be a destructive threat because there are so many available soft targets. We live in an increasingly hyper-connected world that impacts all aspects of our lives. From now and onward, managing and protecting data will be a security imperative for every industry and organization.

Awareness and understanding the ransomware threat can help address many of the cybersecurity challenges. Emerging cybersecurity technologies, mitigation tools, and protocols can help limit the exploding trend of ransomware attacks. Taking pro-active measures to protect systems, networks, and devices, and be more resilient, need to be part of a new wake-up call.”

 

Compendiums On Cybersecurity Statistics:

If you seek a more comprehensive overview of cybersecurity stats, please check out these compendium articles. They cover many policy, operational, and industry specific elements of the cybersecurity ecosystem.

• 2022 Cybersecurity Almanac: 100 Facts, Figures, Predictions And Statistics 2022 Cybersecurity Almanac: 100 Facts, Figures, Predictions And Statistics (cybersecurityventures.com)t is estimated that an organization suffered a ransomware attack every 11 seconds in 2021, according to Cybersecurity Ventures, and it is expected there will be a new attack on a consumer or business every two seconds by 2031.

CRYPTOCRIME

• Cryptocrime, or crimes having to do with cryptocurrencies, are predicted to exceed $30 billion in 2025, up from an estimated $17.5 billion in 2021, according to Cybersecurity Ventures.

CYBERSECURITY SPENDING

• The imperative to protect increasingly digitized businesses, Internet of Things (IoT) devices, and consumers from cybercrime will propel global spending on cybersecurity products and services to $1.75 trillion cumulatively for the five-year period from 2021 to 2025, according to Cybersecurity Ventures, up from $1 trillion cumulatively from 2017 to 2021.

VENTURE CAPITAL

• Cybersecurity Ventures tracked more than $23 billion in venture capital devoted to cybersecurity companies in 2021.

Cybersecurity Ventures Infographic:

 

All the Cybersecurity Statistics, Figures and Facts You Need to Know in 2022

All the Cybersecurity Statistics, Figures and Facts You Need to Know in 2022 | Cybersecurity | CompTIA

“State Sponsored Threats: According to Microsoft, nearly 80% of nation-state attackers targeted government agencies, thinks tanks and other non-government organizations.

The United States remains the most highly targeted country with 46% of global cyberattacks being directed towards Americans

Cost of Cybercrime rising: The cost of cyber crime has risen 10% in the past year.

Cybersecurity Workforce: it’s estimated that there will be 3.5 million unfilled cybersecurity jobs by the end of 2025.

The pandemic presented lots of new cybersecurity issues and companies are working diligently to ensure they are prepared for anything that comes their way in the future. Expect to see the following.

• Enhanced software supply chain security.
• Ransomware will become more of a problem for businesses.
• Companies are transitioning to a zero trust framework for cybersecurity.
• Increased scrutiny on the cybersecurity measures of third-party providers.
• Rise in cyber insurance to offer further protection for businesses.”

22 Cyberstatistics to Know for 2022

Phishing Attacks: Phishing attacks were connected to 36% of breaches, an increase of 11%, which in part could be attributed to the COVID-19 pandemic. As might have been expected, threat actors have been observed tweaking their phishing campaigns based on what’s making the news at any moment in time. (Verizon 2021 Data Breach Investigations Report)

Cost of Data Breach: 2021 saw the highest average cost of a data breach in 17 years, with the cost rising from US$3.86 million to US$4.24 million on an annual basis. (IBM Cost of a Data Breach Report 2021)

Ransomware Payouts: Cryptocurrency has been the preferred payment method for cybercriminals for a while now, especially when it comes to ransomware. As much as US$5.2 billion worth of outgoing Bitcoin transactions may be tied to ransomware payouts involving the top 10 most common ransomware variants. (FinCEN Report on Ransomware Trends in Bank Secrecy Act Data)

DDoS Attacks: The number of distributed denial-of-service (DDoS) attacks has also been on the upward trend, in part due to the COVID-19 pandemic. 2020 saw more than 10 million attacks occur, 1.6 million attacks more than the previous year. (ENISA Threat Landscape 2021)

_{Cybersecurity Statistics for 2022 (Infographic)}

_{Cybersecurity In The Year Ahead}

The Top 22 Security Predictions for 2022 The Top 22 Security Predictions for 2022 (govtech.com)

Dan Lohrmann is one of the world’s most knowledgeable and prolific cybersecurity experts. His article on predications for 2022

“What will the New Year bring in cyber space? Here’s your annual roundup of the top security industry forecasts, trends and cybersecurity prediction reports for calendar year 2022.

Last December in “The Top 21 Security Predictions For 2021,” I noted the following summary of expected trends for 2021:

• There will be huge security impacts in the coming year from the move to work from home (WFH) fueled by COVID-19. More attacks will occur on home computers and networks, with bad actors even using home offices as criminal hubs by taking advantage of unpatched systems and architecture weaknesses.
• The rush to cloud-everything will cause many security holes, challenges, misconfigurations and outages.
• More growth in the security industry. Our numbers of new products and new mergers and acquisitions will cause network complexity issues and integration problems and overwhelm cyber teams.
• Privacy will be a mess, with user revolts, new laws, confusion and self-regulation failing.
• Identity and multi-factor authentication (MFA) will take center stage as passwords (finally) start to go away in a tipping-point year.
• Tons of high-profile IoT hacks, some of which will make headline news.
• Ransomware will get worse and worse — with new twists, data stealing prior to encryption, malware packaging with other threats and very specific targeting of organizations.
• Lots of 5G vulnerabilities will become headline news as the technology grows.
• Advanced Persistent Threats (APT) attacks will be widely available from criminal networks. The dark web will allow criminals to buy access into more sensitive corporate networks.

New focuses this year cover:

• Cyber threats in space.
• A heavy emphasis on operational technology (OT) cybersecurity — vulnerabilities, threats and impacts.
• A strong emphasis on cryptocurrencies and crypto wallet security attacks. As Bitcoin and other cryptocurrencies rose in 2021, now the bad actors want your bitcoins even more.
• More application security vulnerabilities — especially when code is widely used, such as the Log4j vulnerabilities.
• Issues created by a lack of talent and vacancies in public- and private-sector organizations — as the talent war gets worse.
• Renewed emphasis (but in new ways) on AI, autonomous vehicles, drones and other new technologies being hacked.
• Note that security industry vendor acquisitions have changed many of the familiar names, such as the activities with FireEye, McAfee Enterprise and Mandiant.  

Industry expert Chuck Brooks also offered these security predictions for the new year on the AT&T website. Here are two:

• More automation and visibility tools will be deployed for expanding protection of remote employee offices, and for alleviating workforce shortages. The automation tools are being bolstered in capabilities by artificial intelligence and machine learning algorithms.
• Cybersecurity will see increased operational budgets because of more sophisticated threats and consequences of breaches (and especially ransomware) to the bottom line. Cybersecurity becomes more of a C-Suite issue with every passing year as breaches can be disruptive and devastating for business.”

 Conclusion:

I only touched a tiny bit of the topics and issues relating to cybersecurity stats and predictions. Please see my analysis on protecting critical infrastructure and supply chains as we move forward in 2022. It is a large and important challenge!  I will revisit new stats later in the year ad cybersecurity is never static.

 

About Rippleshot:

Rippleshot uses machine learning and automation to detect high risk merchants and fraudulent transactions to help financial institutions protect themselves and proactively stop card fraud. Contact us today to learn more and schedule a product tour.