Cyberattacks are increasing, and your organization may be making itself a high-profile target for attackers, according to a Radware report.
Cyberattacks are an unfortunate though inescapable consequence of an internet-connected world. The motives behind these attacks, however, is not always purely for financial gain, according to Radware's Global Application & Network Security Report. In 2018, only 51% of attacks were financially motivated, while 31% percent of attacks related to politics, hacktivism, or social causes. Insider threats and corporate espionage follow close behind at 27% and 26% each, with with cyberwar and angry users tied for fifth at 18%.
Socially motivated hackers have the capacity to be particularly disruptive. Recent such attacks include a series of attacks commandeering unprotected printers and Chromecast devices to print messages in support of a controversial Swedish YouTuber, as well as a fake apology posted to the Wall Street Journal embroiled in a dispute with said YouTuber. More consequential hacks include a data dump of personal details of German politicians, North Korean hackers attacking Sony Pictures due to displeasure over a satirical film, and the hack of affair hookup website Ashley Madison.
Attracting hacktivists is an unfortunate side-effect of companies taking social stances, particularly for social benefit corporations.
Radware estimates the average cost of a cyberattack at $1.1 million, with a 60% increase in estimates above $1 million in 2018. The estimated costs of cyberattacks are highest in the retail and high-end sectors, according to the report, at $1.73 and $1.70 million, respectively. Healthcare placed third with $1.43 million, while costs of cyberattacks lowest in the education sector, at $310,000.
Malware and bots continue to be the primary mode of attack, with 76% of attacks relying on that technology. Social engineering attacks such as phishing continue to grow, with 65% of attacks relying on those methods, up 11% since 2016. Ransomware appears to have peaked in 2017 at 59%, falling to 38% in 2018, according to the report. In exchange, malicious actors are planting cryptominers on vulnerable systems, with 20% of attacks leveraging that technology. Likewise, the report indicates that 14% of respondents reported being a victim of both ransomware and cryptoming attacks.
Radware predicts that attackers will refocus efforts in the future to hold Internet of Things (IoT) devices themselves for ransom, demanding cash from consumers to regain control of IoT devices they purchase. As major appliances such as refrigerators, washing machines and dryers, as well as big-ticket items like cars are adding smart capabilities, the security risk inherent to those capabilities is likely to be realized in the near future.