Ransomware, cryptojacking, and business email compromise attacks all ramped up the financial losses due to cyber breaches, according to the Online Trust Alliance.
Despite the number of cybersecurity breaches and exposed records falling in 2018, more than 2 million cyber incidents occurred, resulting in over $45 billion in losses, according to the Internet Society's Online Trust Alliance (OTA) in its Cyber Incident & Breach Trends Report, released Tuesday.
A few types of attacks caused the most financial damage, the report found. The financial impact of ransomware rose by 60%, while losses from business email compromise (BEC) attacks doubled, and cryptojacking attacks more than tripled over the past year.
SEE: Special report: A winning strategy for cybersecurity (free PDF) (TechRepublic)
The actual financial impact of cyberattacks is likely higher than $45 billion, as many incidents go unreported, OTA noted.
OTA tracked and analyzed threat intelligence data from sources including Risk BasedSecurity, Identity Theft Resource Center, Privacy Rights Clearinghouse, DLA Piper,Symantec, and the FBI to build its report.
"While it's tempting to celebrate a decreasing number of breaches overall, the findingsof our report are grim," Jeff Wilbur, technical director of OTA, said in a press release. "The financial impact of cybercrime is up significantly and cyber criminals are becoming more skilled at profiting from their attacks. So, while there may be fewer data breaches, the number of cyber incidents and their financial impact is far greater than we've seen in the past."Ransomware: How healthcare organizations can stay ahead of attacks
This eBook cover the essentials on ransomware attacks facing the healthcare industry — including how they work, why they’re so malicious, and the best way to protect your organization.
Along with ransomware's resurgence in financial impact and the rise of cryptojacking, attacks via third parties also became more prevalent in 2018, OTA found. The most notable such attack was Magecart, which infected the payment forms on more than 6,400 e-commerce sites worldwide.
AOC 'SQUAD' HOLDS PRESS CONFERENCE CALLING TRUMP 'OCCUPANT' OF WHITE HOUSE@FOX NEWS
Misconfigured cloud services left sensitive data out in the open in 2018, and credential stuffing attacks also become more popular, the report noted.
Perhaps most disheartening fact is that the vast majority of breaches in 2018—95%, by OTA's estimates—could have been avoided through simple approaches to improving security.
OTA provided the following checklist for organizations to improve their cybersecurity practices:
Complete risk assessments for executive review, operational process and third-party vendors
Review security best practices and validate your organization's adoption or rationale for not adopting
Audit your data and review your data stewardship practices, including data lifecycle management
Complete a review of insurance needs including exclusions and pre-approval of coverage for any third-party services (such as cyber forensics, remediation provider, PR firm, etc.)
Establish and regularly test an end-to-end incident response plan including empowering 24/7 first responders
Establish/confirm relationships with data protection authorities, law enforcement and incident service providers
Review and establish forensic capabilities, procedures and resources (internal and third-party providers)
Develop communication strategies and tactics tailored by audience (e.g., messages to employees vs. messaging to media vs. notifications to customers)
Review remediation programs, alternatives and service providers
Implement ongoing employee training for incident response
Establish employee data security awareness and ongoing education on privacy, incident avoidance (password practices, how to recognize social engineering, etc.) and incident response
Understand the regulatory requirements, including relevant international requirements
"Our report findings indicate that cybercriminals are using their infiltration ability to focus on new, more lucrative attacks," Wilbur said in the release. "Staying up-to-date on the latest security safeguards and best practices is crucial to preventing attacks in the future."
For more, check out How to become a cybersecurity pro: A cheat sheet on TechRepublic.
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays
How to become a cybersecurity pro: A cheat sheet (TechRepublic)
10 dangerous app vulnerabilities to watch out for (TechRepublic download)
Windows 10 security: A guide for business leaders (TechRepublic Premium)
Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
The best password managers of 2019 (CNET)
Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)
15 Nov, 2019  0  Comments
The government has announced plans to invest more than 350 million shillings in a skills development programme for Public Communication and Information officers.
According to Ministry of... ...Read More
Chief Justice David Maraga has downplayed the absence of key Government officials during the National Council on Administration of Justice (NCAJ) meeting.
Senior Government officers among... ...Read More
When talking about international intelligence-sharing agreements, things can get complicated fast. Don’t worry—we are going to quickly walk you through the key information... ...Read More
The U.S. government spies quite a bit on their own citizens. But these days, who doesn't?
This article originally appeared on GlobalPost.
The US... ...Read More
Sign up to receive our free newsletters!
We do not spam. We value your privacy!
© 2019 Just40days.com. All Rights Reserved. Developed by HariOm Technologies