DATASTREAMRanked: The Top Cyberattacks Against BusinessesPublished 1 month ago on September 9, 2022
By Marcus Lu
Graphics/Design:
Pernia Jamshed
Tweet
Share
Share
Reddit
Email
The following content is sponsored by Global X ETFs.
Ranked: The Top Cyberattacks Against Businesses
Cyberattacks hit a record high in 2021, continuing the momentum that had developed during the COVID-19 pandemic. One reason for this increase is the shift to remote work, which has opened up new vulnerabilities. Home networks are typically less secure, and the rapid rise in the use of online services means security is falling behind.
In this graphic sponsored by Global X ETFs, we’ve visualized survey results showing the 10 most successful types of cyberattacks in 2021.
The Results
These results are from a 2021 whitepaper by Osterman Research, a market research firm focused on cybersecurity. They surveyed 130 cybersecurity professionals from mid and large-sized organizations to see which types of attacks were the most prominent.
Type of Attack Percentage of respondents (%)
Business email attack was successful in tricking a lower-level employee 53%
Phishing message resulted in a malware infection 49%
Phishing message resulted in an account being compromised 47%
Domain name was spoofed to perpetrate phishing campaigns 38%
Ransomware was detected before it could be activated 34%
Business email attack was successful in tricking a senior executive 28%
Domain name impersonation resulted in a third-party being compromised 16%
Phishing message resulted in a ransomware infection 14%
A ransomware attack was successfully launched 10%
A ransomware attack rendered internal IT systems non-operational 10%
Source: Osterman Research (2021)
The report notes that these figures may be understated because organizations are likely to downplay their security incidents. Organizations may also lack the capability to detect all types of cyberattacks.
The Impact of Phishing Attacks
Phishing refers to an attack where the perpetrator pretends to be a trusted entity. These attacks can be carried out over email, text message (SMS), and even social media apps. The goal is often to trick the victim into opening a malicious link.
According to the whitepaper, opening malicious links can result in credential theft or ransomware infections. Credential theft is when attackers gain access to internal systems. This is incredibly dangerous, as it allows attackers to commit fraud, impersonate company officials, and steal data.
A powerful tool for preventing credential theft is multi-factor authentication (MFA). This method requires users to provide multiple verification factors to access a resource (instead of a single password).
The Threat of Ransomware
Ransomware is a type of cyberattack that involves blackmail, often for financial gain. For ransomware to be successfully planted, attackers must first gain access to a company’s networks.
Access can be gained through phishing, as discussed above, or alternate means such as compromised software updates. One such attack impacted over 57,000 Asus laptop owners in Russia after hackers created a malicious update tool on an official Asus server.
Cybercriminals have become increasingly ruthless in how ransomware attacks are executed.
– OSTERMAN RESEARCH
Researchers have warned that ransomware attacks are becoming more dangerous and sophisticated. In addition to locking organizations out from core systems, hackers are also stealing data to increase their leverage. If a ransom is not paid, the stolen data may be published or even sold to the highest bidder.
Under Siege
The rising frequency and sophistication of cybercriminal activity is a major threat to the world.
According to the World Economic Forum’s 2022 Global Risks Report, ransomware attacks have increased by 435% since 2020. Furthermore, there is an estimated shortage of 3 million cybersecurity professionals worldwide.
To catch up, businesses and governments are expected to increase their spending on cybersecurity over the next several years.
The Global X Cybersecurity ETF is a passively managed solution that can be used to gain exposure to the rising adoption of cybersecurity technologies. Click the link to learn more.
