On July 9, 2019, the Internet Society’ Online Trust Alliance (OTA) released the 2018 Cyber Incident & Breach Trends Report. The report analyzes incident and breach events to extract significant findings and provides guidance to help organizations protect and defend against evolving threats in the industry.

Background

The OTA tracked an analyzed threat risk intelligence data from numerous sources, including but not limited to, Risk Based Security, Identity Theft Resource Center, Symantec, Privacy Rights Clearinghouse, and the FBI in order to compile the data used to build its report surrounding cyber incidents of 2018.

Findings

In 2018, although the number of cybersecurity events and exposed records is down from previous years, over 2 million cyber incidents took place, resulting in over $45 billion dollars in losses.

The report notes that a select few types of attacks caused the most significant financial damage. The financial impact of ransomware rose by approximately 60%, where losses from business email compromise (BEC), or phishing attacks, more than doubled, and crypto currency attacks more than tripled over previous year.

In truth, the actual financial impact of cyberattacks is very likely to be higher than $45 billion, as many incidents go unreported, and undiscovered, the OTA noted.

“While it’s tempting to celebrate a decreasing number of breaches overall, the findings of our report are grim. The financial impact of cybercrime is up significantly and cyber criminals are becoming more skilled at profiting from their attacks. So, while there may be fewer data breaches, the number of cyber incidents and their financial impact is far greater than we’ve seen in the past.”

Jeff Wilbur, Technical Director of OTA

Majority of Breaches: Completely Avoidable

Likely the most upsetting fact provided by the report is that the majority of breaches in 2018, 95% by OTA’s estimate, were completely avoidable through basic security measures.

The OTA provides the following checklist for organizations to improve their overall cybersecurity practices:

  1. Complete risk assessments (penetration testing) for executive review, operational process and third-party vendors.
  2. Review security best practices and validate your organization’s adoption or rationale for not adopting.
  3. Audit your data and review your data stewardship practices, including data lifecycle management.
  4. Complete a review of insurance needs, including exclusions and pre-approval of coverage for any third-party services (such as cyber forensics, remediation provider, PR firm, etc.)
  5. Establish and regularly test an end-to-end incident response plan including empowering 24/7 first responders.
  6. Establish/confirm relationships with data protection authorities, law enforcement and incident service providers
  7. Review and establish forensic capabilities, procedures and resources (internal and third-party providers)
  8. Develop communication strategies and tactics tailored by audience (e.g., messages to employees vs. messaging to media vs. notifications to customers.)
  9. Review remediation programs, alternatives and service providers
  10. Implement ongoing employee training for incident response
  11. Establish employee data security awareness and ongoing education on privacy, incident avoidance (password practices, how to recognize social engineering, etc.) and incident response
  12. Understand the regulatory requirement, including relevant international requirements.

“Staying up-to-date on the latest security safeguards and best practices is crucial to preventing attacks in the future.”

Jeff Wilbur, Technical Director of OTA

The take-home message that this report demonstrates is that cybercriminals have switched emphasis and are now using their abilities to focus on more lucrative attacks. The best way to prevent these attacks is to stay current with the latest cybersecurity safeguards and commit to penetration testing on at least an annual basis to ensure your organization is protected.

For more information on any of the items here, please contact us.