Cyber breaches were at an all-time high in 2021 and will only continue to get bigger. While there were high profile hacks such as the Keystone Pipeline, Microsoft Exchange and the SolarWinds hack make the news, there were thousands of other attacks that did considerable damage to companies that were not publicly reported
Part of this surge in cyber scams is the fact that the COVID 19 Pandemic has continued to rage on. When people were forced to work from home due to stay at home orders, workers moved from well secure, managed, monitored, and updated networks to at home networks which had various levels of security, outside the security walls set up by many companies. This has allowed was an open buffet for cyber criminals. New methods such as Zoom bombing and cryptojacking has made working from home dangerous without the proper security protocols in place. Zoom bombing is where people hack into a Zoom call and causes disruptions, such as what happened in the Italian Senate when a pornographic video was hacked in. Cryptojacking is taking an unsuspecting victim and use it to mine cryptocurrency.(1)
This is reflected in the Identity Theft Resource Data Breach Annual Report for 2021. From the data they have compiled, several numbers stand out:
- There were 1,862 compromises that they found, 68 percent higher than 2020, its is also over 23 percent over the previous record
- 83 Percent of data events recorded involved sensitive information such as Social Security numbers. Compared to 2020, it increased slightly, but well below 2017, where almost all of the events, about 95 percent, involved such data
- Ransomware is expected to surpass Phishing in 2022 as the number 1 cause of attacks. As it is, they have doubled in number of involved breaches in 2020 and 2021.
- Supply Chain Attacks were among the biggest headline causes as the supply chains around the world were still recovering from COVID related shutdowns. As a stand alone cause, they would be fourth leading cause of compromises. The complexity of these attacks blurs the root cause of many of these attacks. The Kaseya breach in Europe and the Colonial Pipeline in the US shut down key infrastructure for days as hackers exploited known vulnerabilities. In these breaches, fraudulent actors were able to affect a multitude of companies/people by attacking one company that affected many.
- Every sector saw increases in breaches reported, save the military, which had no publicly disclosed breaches. The biggest victims were Manufacturing and Utilities.
- The number of unique victims is down compared to 2020, but the number of repeat attacks continue to be high.(2)
There are many things that can contribute to an increased number of breaches. Chief among these is the lingering usage of legacy systems. Legacy systems are programs and networks that are old and no longer supported by the various IP providers. As a result, they do not get the updates that they need to prevent vulnerabilities like the log4j issue.
Many networks, especially in older companies still run programs like Windows 7, Windows 8. The issue is that Apple, Windows, and other IP providers discontinuing support for many older programs. While current programs such as Windows 11 are updated daily, these older programs no longer receive such support. Software companies daily develop patches and updates to their software to protect against new and emerging threats. Most, if not all of the current systems vulnerabilities were not even known or discovered until well after such outdated systems were developed.
The cost of updating these systems can be significant and many companies opt to postpone updating. The investment need to update systems to run the newest programs such as Windows 10, 11 and any Apple IOS system takes time and money. Companies dealing with the struggles of the last two years have opted to keep current systems until the market settles and they can once again focus efforts on infrastructure. This makes them valuable targets for exploiting, because new patches are not available to emerging vulnerabilities.
In Singapore for example, “Last year, a Singaporean e-commerce giant received an attack on its online supermarket platform, where 1.1 million users’ personal information, including names, numbers and partial credit card numbers, were stolen. Its cybersecurity team detected the customer database was taken from a legacy system, which was more than 18 months out of date at the time of the attack. The company has since stopped using the system and taken the necessary actions to strengthen its cybersecurity.”(3)
Looking forward to 2022, there are many things that will continue to be an issue. As we evolve to a more remote workforce, companies will need to make further investments in systems and security and consider how and how often systems are updated. Ransomware will continue to be the number one cause of cyber intrusions, as the attacks become more tarted via phishing and social engineering. Supply chains, already weakened thanks to the pandemic will continue to be targeted and grow in complexity and number. (4)
