Every year the stats on cyber-attacks seem to get spookier! As we finish October’s Cybersecurity Awareness month, it is a suitable time to review some of the key statistics and trends that can haunt us and help us meet the cybersecurity challenges of the evolving digital ecosystem. There are so many frightening cyber stats that I had room for only a few categories, but they are important ones to know.
The healthcare industry is a continuing prime target for criminal hackers. Consider these realities:
Two-thirds of healthcare organizations hit by ransomware in past year: survey
Two-thirds of healthcare organizations hit by ransomware in past year: survey | Healthcare Dive
“Nearly 40% of healthcare organizations reported it took more than a month to recover after an attack, according to the survey by cybersecurity firm Sophos. The healthcare sector’s increased burden of ransomware attacks comes as other industries face fewer incidents, according to the survey by cybersecurity firm Sophos. Recovery from ransomware attacks is taking longer — sometimes more than a month — as attacks increase against the healthcare industry, About two-thirds of respondents said they were hit by a ransomware attack in the past year, up from 60% the year prior. Just 34% said they were hit by a ransomware attack in Sophos’ 2021 report.”
14M patients affected by healthcare data breaches in 2024
Healthcare organizations remain top targets for cyberthreat actors, according to a SonicWall threat brief that explored trends in healthcare data breaches.14M patients affected by healthcare data breaches in 2024 | TechTarget
“At least 14 million patients in the U.S. have been affected by healthcare data breaches in 2024 so far, a threat brief by cybersecurity company SonicWall revealed. What’s more, 91% of the healthcare data breaches that SonicWall researchers analyzed involved ransomware, highlighting the continued targeting of the U.S. healthcare sector. SonicWall based its report on data from SonicWall Capture Labs, which uses machine learning to collect and retain data about attack vectors and threats in real time. The researchers concluded that healthcare remains a top target for exploitation by cyberthreat actors due to its data-driven nature and reliance on sensitive data.”
Change Healthcare data breach officially affects 100M
Change Healthcare data breach officially affects 100M | Healthcare Dive
“The massive Change Healthcare cyberattack could have compromised data from 100 million people — the largest healthcare data breach ever reported to federal regulators. Responding to the cyberattack has cost UnitedHealth too. Earlier this month, the healthcare giant said it has recorded $2.5 billion in total impacts from the attack through the nine months ended Sept. 30, including $1.7 billion in direct response costs.”
CB Take: The cyber-attack on Change Healthcare is certainly alarming and is another wake-up call. It is not surprising that hackers focus on healthcare. As computers and other devices used for medical care become more networked and linked, the digital world of health management, clinics, hospitals, and patients has become more vulnerable. A more comprehensive approach to healthcare cybersecurity should include better risk management, more investments in cybersecurity to protect systems, and good cyber hygiene.
Dmitry Raidman, CTO & Co-founder, of the company Cybeats offers excellent advice: “Given its critical nature and unique vulnerabilities, the healthcare sector must adopt a multi-layered approach to combat the rise in ransomware attacks. This means strengthening security through continuous network segmentation, deploying endpoint detection, and enhancing user training, as healthcare systems are only as resilient as their most vulnerable points. A proactive, risk-based approach that includes frequent vulnerability assessments and comprehensive data backups is essential to ensure both operational continuity and patient safety. Collaboration with industry stakeholders and sharing threat intelligence can also provide the healthcare sector with a stronger front against these growing cyber threats.”
Ransomware, especially popular for extorting healthcare, has also been deployed across industries and significantly elevated incidents.
Ransomware incidents rose 73% globally in 2023, report shows
Ransomware incidents rose 73% globally in 2023, report shows | StateScoop
“Ransomware attacks rose 73% between 2022 and 2023, according a report published Thursday by the Ransomware Task Force, part of the Institute for Security Technology, a Washington D.C. think tank. The annual report, which includes a map of global ransomware incidents and identifies ransomware trends based on reporting of double-extortion attacks — in which cybercriminals demand ransom payments from victims to keep their data private and off the dark web — found there were 6,670 ransomware incidents in 2023, with more than 2,800 incidents just in the United States.”
Ransomware Will Strike Every 2 Seconds By 2031
“Cybersecurity Ventures predicts that by 2031, ransomware will cost victims $265 billion annually, and it will attack a business, consumer, or device every 2 seconds. Chief information security officers and cybersecurity teams are devoting more time than ever protecting against ransomware. Ransomware gangs are, in almost every case, financially motivated. These cybercriminals will stop at nothing to be paid — whether this means locking up your personal information or grinding the operations of a Fortune 500 company to a halt.”
The 2023 RTF Global Ransomware Incident Map
Institute for Security and Technology2023 RTF Global Ransomware Incident Map: Attacks Increase by 73%, Big Game Hunting Appears to Surge – Institute for Security and Technology
“The 2023 RTF Global Ransomware Incident Map presents the task force’s annual map of ransomware incidents and identifies ransomware trends worldwide. In 2023, the data showed 6,670 ransomware incidents, a 73% year-over-year increase from 2022. This increase is consistent with other recently published findings, which demonstrate an overall increase in ransomware activity and illicit cryptocurrency payments. For example, the FBI Internet Crime Center (IC3) reported over 2,825 complaints from the American public alone. According to Chainalysis, ransomware payments broke a new record, totaling over $1 billion in 2023.”
CB Take: Due to the substantial number of easy targets, ransomware will continue to be a devastating threat. A world that is becoming more hyper-connected affects every part of our lives. Maintaining and safeguarding data is an important security requirement for all businesses and organizations. Knowledge of and skill with ransomware can assist in solving numerous safety issues. Cyber hygiene is particularly important as strong passwords, multifactor authentication, and phishing awareness training make a company less of a target. New cybersecurity technologies, tools, and standards can help slow down the staggering rise in ransomware attacks. Actively protecting systems, networks, and devices are essential to make them more resilient
While the healthcare, financial, and educational industries are always prime targets for breaches, no industry or sector is immune. One area to watch is the legal community as they possess valuable and confidential data of clients.
Over one million law firm passwords found on dark web
Over one million law firm passwords found on dark web – Legal Cheek
“New research has uncovered more than a million passwords linked to the IT systems of UK law firms on the dark web. Researchers found that nearly three-quarters (72.2%) of the 5,140 law firms audited had employee username and password combinations that appeared in lists circulating in the darkest corners of the internet. A total of 1,001,313 passwords were discovered, averaging 195 password combinations per firm or 1.27 per individual staff member. Atlas Cloud, the IT outfit that conducted the research, warns that cybercriminals could use this information to infiltrate a firm’s IT systems, potentially gaining access to valuable data or intercepting transactions.
Last autumn, before its merger with Shearman, Allen & Overy confirmed that it had “experienced a data incident affecting a small number of storage servers” after reportedly being targeted by a hacking group with ransomware. Similarly, in 2017, Legal Cheek reported that hackers had taken DLA Piper‘s computer systems and phones offline using malicious software.”
Outside Cybersecurity Subject Matter Expertise Needed!
Nearly 9 in 10 Companies Hiring Outside Cybersecurity Advisers
“87% of companies bring in outside cybersecurity advisers, 72% list cybersecurity as desired board skill
Companies are dramatically increasing their use of external cybersecurity advisers, with 87% now engaging outside experts compared to 43% in 2023, according to new research from EY’s Center for Board Matters. The surge comes as cyber threats grow more sophisticated, with FBI data showing a 10% increase in complaints and a 22% rise in losses to $12.5 billion annually.”
CB Take: Law firms should think about getting help from subject matter experts (SMEs) who know about the newest technologies and compliance/governance rules in the cyber ecosystem. This is because new threats and technology problems pose a higher risk to their clients’ money and reputation. SMEs for the legal community are especially important because the cyber danger comes from both criminal organizations and countries that are at odds with each other. Because of a change in the cyber risk environment, more money is being spent on threat awareness and sharing information, which is important for businesses to stay open. SMEs are a particularly important part of figuring out the danger landscape and finding weaknesses.
According to Enoch Long, long-time cyber security executive says “Cybersecurity SMEs who not only have a GRC expertise, but also have a strong SecOps background can build a risk management strategy for law firms that should focus on education and training, data protection and privacy and IT security best practices. These focus areas will help guide and shape the culture of the firm regarding the type of industry frameworks that will be adopted, implemented which will be utilized for governance, compliance, GDPR requirements, policy development and procedure execution. An SME can help bolster the internal IT security team of a law firm, by recommending the most applicable security tech stack, as well as understanding the cyber geopolitical threat landscape, which is an imperative skill when defending against threat actor groups who target law firms. As the sophistication and craftiness of threats matures and cost of breaches continue to escalate in the legal profession, getting the appropriate outside help is a sensible option.
The Impact of Artificial Intelligence
This is a particularly frightening statistic, as identity fraud is now being significantly enabled by generative artificial intelligence tools:
Deepfake Fraud Doubles Down: 49% of Businesses Now Hit by Audio and Video Scams, Regula’s Survey Reveals
Deepfake Fraud Doubles Down: 49% of Businesses Now Hit by Audio and Video Scams, Regula’s Survey Reveals
“In 2024, every second business globally reported incidents of deepfake fraud, revealing a growing trend in AI-related crimes over the past two years. Meanwhile, fraud involving fake or modified documents now outpaces AI-generated scams. These are the first findings from a new survey* “The Deepfake Trends 2024” commissioned by Regula, a global developer of forensic devices and identity verification solutions.
Regula’s survey data shows a significant rise in the prevalence of video deepfakes, with a 20% increase in companies reporting incidents compared to 2022**. While 29% of fraud decision-makers across Australia, France, Germany, Mexico, Turkey, UAE, UK, and the USA reported encountering video deepfake fraud in 2022, this year’s data — covering the USA, UAE, Mexico, Singapore, and Germany — shows this figure has surged to 49%. This sharp increase across the revised cohort underscores the growing challenge of video deepfakes and their continued threat to businesses. Audio deepfakes are also on the rise, with a 12% increase compared to 2022 survey data.”
AI impersonation emerges as top cyber threat in new report
AI impersonation emerges as top cyber threat in new report
“New research from Teleport reveals that AI impersonation now ranks as the most challenging cyber-attack vector for security experts to defend against, as indicated by 52% of senior leaders surveyed. The 2024 State of Infrastructure Access Security Report issued by Teleport highlights the growing complexity of social engineering techniques, with AI and deepfakes substantially enhancing the effectiveness of phishing scams.
CB Take: Identity theft is a logical target of hackers using AI tools. We have been anticipating artificial intelligence’s arrival and AI is becoming mainstream. Machine learning and natural language processing, which are already commonplace in our daily lives, contributed to the creation of AI. Criminal hackers are automating more of their phishing attacks with artificial intelligence and exponentially reaching many more businesses, agencies, and consumers. Generative AI makes it easy for anyone to become a hacker. Advances in technology have rendered phishing more accessible to cybercriminals. They have easy access to digital images for creating deep fake, and social engineering data to make it more viable. Hackers often combine spear-phishing, a technique they use to target executives at companies or organizations, with ransomware. Throughout its two-decade history, ransomware has grown in popularity because it makes it simpler for hackers to collect money via cryptocurrency.
Emerging Technologies Are Impacting Cybersecurity
Inside Cyber by Chuck Brooks: Reviewed – Irish Tech News
“Inside Cyber, by Chuck Brooks, takes complex ideas about emerging technologies and provides a simplistic explanation of the technology. Brooks takes technology such as quantum computing, 5G, and Artificial Intelligence, and explains the positives and negatives of these new technologies.
We live in a world that seems like it is changing by the day. Keeping up with the times and understanding all of the innovative technology around us can seem like an impossible task, especially as it affects our daily lives. Just a few years ago, artificial intelligence was considered to exist only in sci-fi movies. Cellular speeds are coming close to rivaling Wi-Fi as global satellite communication nears. Countries are scrambling as they prepare for the looming threat of cyber-attacks aided by AI. These modern technologies will forever change the way the world operates. This book dives into what may seem like an existential threat, providing necessary steps to remain safe and secure.”
Generative AI in Security: Risks and Mitigation Strategies
Generative AI in Security: Risks and Mitigation Strategies
“Security teams must balance the risks and benefits of AI. Microsoft’s Siva Sundaramoorthy provides a blueprint for how common cyber precautions apply to generative AI deployed in and around security systems. Pain points security teams should be aware of around AI include:
· The integration of new technology or design decisions introduces vulnerabilities.
· Users must be trained to adapt to new AI capabilities.
· Sensitive data access and processing with AI systems creates new risks.
· Transparency and control must be established and maintained throughout the AI’s lifecycle.
· The AI supply chain can introduce vulnerable or malicious code.
· The absence of established compliance standards and the rapid evolution of best practices make it unclear how to secure AI effectively.
· Leaders must establish a trusted pathway to generative AI-integrated applications from the top down.
· AI introduces unique and poorly understood challenges, such as hallucinations.
· The ROI of AI has not yet been proven in the real world.”
CB Take: We are currently in a disruptive era of technological advancement labeled The Fourth Industrial Era. It is characterized by exponential connectivity of people and devices and involves the meshing of physical, digital, and biological worlds. This includes a multitude of innovative technologies (among others) such as artificial intelligence (AI) & machine learning (ML), robotics, sensors, 5G nanotechnologies, biotech, blockchain, and quantum.
Artificial intelligence (AI) is one to watch as it is a highly intriguing subset of emerging technologies. Science fiction no longer exists in the realm of AI. These days, AI can comprehend, diagnose, and resolve issues from organized and unstructured data, sometimes even without special programming. Although AI can be a useful instrument for cyber defense, threat actors may also take advantage. Malicious hackers are using AI to find and exploit threat detection model weaknesses. Malicious malware can also be distributed using artificial intelligence and machine intelligence to automate target selection, inspect compromised environments before launching further assault stages, and prevent detection.
Quantum technology, especially quantum computing, has immense potential that could change many fields, such as communications, real-time data analytics, biotech, genetic sequencing, and materials science. With its effects on artificial intelligence and the Metaverse, quantum computing will also speed us into the future. But with the good, we need to plan for and stop the bad, especially when it comes to data, which is the lifeblood of industry and trade. Starting right now, it is important to go down a road toward quantum-proof cybersecurity. For more on emerging tech, please also check out my recent FORBES article Artificial Intelligence, Quantum Computing, and Space are 3 Tech areas to Watch in 2024
As an additional thought, avoid hackers’ tricks by being cyber aware and practicing good cyber hygiene this Halloween and beyond. Be prepared and vigilant!