2021 has been a banner year for cybercriminals, they have taken advantage of the COVID-19 pandemic and the increase in remote work, attacking both technical and social vulnerabilities. This historic increase in cybercrime resulted in everything from financial fraud involving CARES Act stimulus funds and Paycheck Protection Program (PPP) loans to a spike in phishing schemes and bot traffic. Piled on top of that is a growing wave of ransomware and software supply chain attacks.
The most vital and current cybersecurity stats below show how threats have grown in scale and complexity over the past year-plus. While most of the research cited here was released within the past year, it does not necessarily reflect today’s risk environment. The data collectively suggest trends that are likely to continue into the near future.
Top cybersecurity threats and trends
A total of 5,258 confirmed data breaches occurred in 16 different industries and four world regions, according to the Verizon 2021 Data Breach Investigations Report (DBIR), which analyzed data from 29,307 incidents. Of those breaches, 86% were financially motivated. That’s a sharp rise from the 3,950 confirmed breaches (out of 32,002 incidents) from the 2020 DBIR.
Nearly half (49%) of IT executives said their top security priority is the protection of sensitive data, according to the 2020 IDG Security Priorities Study, which surveyed 522 IT and security executives.
In 2020, the Internet Crime Complaint Center (IC3) received over 28,500 complaints related to COVID-19, according to the 2020 FBI Internet Crime Report.
IC3 saw a 69% increase in complaints from 2019, receiving 791,790 complaints total, with losses exceeding $4.1 billion. According to IC3, the costliest attacks are business email compromise (BEC) schemes, with 19,369 total complaints and a loss of $1.8 billion.
By September 2020, the average ransom payment peaked at $233,817, according to the 2021 Webroot Brightcloud Threat Report. The report also found that 86% of malware is unique to a single PC, and phishing spiked by 510% from January to February 2020 alone.
Phishing statistics and trends
Phishing and other forms of social engineering, with criminals targeting human rather than technical vulnerabilities, remains a tried-and-true attack method. According to the FBI’s IC3, as of 2020 phishing is by far the most common attack performed by cybercriminals. In 2020, the key drivers for phishing and fraud were COVID-19, remote work, and technology, said the 2021 State of Phishing & Online Fraud Report.
In 2020, 6.95 million new phishing and scam pages were created, with the highest number of new phishing and scam sites in one month of 206,310.
- Key themes used for scams include COVID, gift cards, and gaming hacks.
- The top three industries targeted in phishing attacks were technology, retail and finance.
- The top three countries where scams were hosted were US, Russia and British Virgin Isles.
- The top email service used for phishing kits was Gmail.
Not surprisingly with the increase in phishing attacks, email security was ranked as the top IT security project of 2021, according to the Greathorn 2021 Email Security Benchmark Report.
Botnet statistics and trends
Cybercriminal groups use botnets—automated collections of compromised, internet-connected devices—to disrupt targets via distributed denial of service (DDoS) attacks or enhance the effectiveness of other activities. That includes sending large volumes of spam, stealing credentials at scale, or spying on people and organizations.
Botnets have been a problem for years and it’s getting worse. Many internet of things (IoT) devices have few or no security features, and organizations often fail to follow best practices to mitigate the risks of device compromise.
According to the 2021 Imperva Bad Bot Report, bad bot traffic amounted to 25.6% of all website traffic in 2020, up 6.2% from the previous year. What’s worse, advanced persistent bots (APBs) accounted for 57.1% of bad bot traffic in 2020. That indicates cybercriminals are becoming more sophisticated in their use of botnets.
How criminals use botnets varies by industry. Below is a breakdown of the most common malicious botnet activity in the top five industries with the most bad-bot traffic:
- Telecom and ISPs (45.7%): account takeover, competitive price scraping
- Computing and IT (41.1%): account takeover, scraping
- Sports (33.7%): data scraping of scores, betting odds
- News (33%): custom content scraping, ad fraud, comment spam
- Business services (29.7%): attacks on the API layer, data scraping, account takeover
Over 28% of bots are self-reporting as mobile user agents, an increase of 12.9% from the previous year. This coincides with a drop of over 11% (79.4% to 68%) of bots self-reporting as either Chrome, Firefox, Safari, or Internet Explorer for the same period.
Cloud security statistics and trends
With so many employees now working remote, either full time or in a hybrid environment, more business is also being done on cloud platforms, increasing the need for security policies and controls around cloud infrastructure.
This is evident in the Unit 42 Cloud Threat Report, which found that in the early days of the pandemic employees working remotely grew from 20% to 71%. After the World Health Organization (WHO) declared COVID-19 a pandemic in March 2020, not only did remote work increase but organizations accelerated their cloud migration plans overall. Using data pulled from a global array of sensors, cloud threat researchers found a correlation between the increased cloud spend due to COVID-19 and security incidents. Enterprises quickly scaled their cloud spend in the third quarter of 2020 with an increase of 28% from the same quarter in 2019. In the second quarter of 2020, cloud security incidents:
- Increased by 188% overall
- Grew by 402% in retail
- Grew by 230% in manufacturing
- Grew by 205% in government
Open-source and third-party risks
As businesses accelerate their digital transformations, the popularity of code reuse, which includes open-source libraries and frameworks, has expanded with today’s typical application containing dozens to hundreds of libraries for core functionality. The efficiencies of using libraries like this have in turn created another potential attack vector for cyber criminals. Today the average Java application has 50 open-source vulnerabilities, said the Contrast Labs Open Source Security Report.
- The average application has 118 libraries, but only 38% of those libraries are active.
- The average library uses a version that is 6 years old and has 50 open-course vulnerabilities.
- Java libraries in apps have a 16% chance of having a critical or major vulnerability
- The odds of an app having a vulnerability in a Java library increase from 7% to 44% when the library ages from one to four years.
- 69% of Java apps have a library with a high-risk license
- 99% of organizations have at least one high-risk Java license.
Cyber fraud statistics and trends
The huge increase in traffic and volume across digital channels has led to an historic increase in cyber fraud, with criminals often using the volume to hide their activities. Experts estimate more than $1 trillion was lost globally to cybercrime in 2020. According to the Sift Q1 2021 Trust & Safety Index, in 2020 the pandemic increased online giving by 20.7%. This increase in traffic provided cover to fraudsters that hid behind transaction surges:
- Ransomware attacks grew by over 40%.
- Email malware attacks were up by 600% compared to 2019.
- Loyalty merchants saw fraud rates jump by 275% compared to 2019.
The top three targets by vertical in 2020 were:
- Transportation (8.4% attempted fraud rate)
- Crypto exchanges (4.6%)
- Gaming/gambling (3.7%)
DDoS attack statistics and trends
DDoS attacks are getting bolder and bigger. Akamai, the content delivery network (CDN) and cloud services company, reported mitigating some of the largest attacks ever seen, according to Akamai’s 2020 DDoS retrospective. In 2021 it had already seen more attacks over 50 Gbps than in all of 2019. Akamai also reports the number of customers targeted were up 57% year over year, with numbers increasing to record volume and diversity across regions and geographies.
In March 2021, three of the six biggest volumetric DDoS attacks Akamai ever recorded occurred, including the two largest known DDoS extortion attacks to date.
Ransomware statistics and trends
Ransomware is one of the top threats in cybersecurity. With 878 cyberattacks in 2020, 18% of which were ransomware, according to the Identity Theft Resource Center. Organizations around the world are being held hostage by ransomware, with many paying up solely to avoid the cost and downtime of not paying the criminals. In short, cybercriminals are making and demanding more money than ever.
- The average ransom paid increased 171% from 2019 to 2020 ($115,123 to $312,493), said the 2021 Unit 42 Ransomware Threat Report.
- The highest ransom paid doubled from 2019 to 2020 from $5 million to $10 million.
Defensive preparation and response statistics and trends
The unpredictability of planning for security and budgeting has become even more challenging with the advent of the pandemic. As threat actors have ramped up their efforts in the wake of the pandemic, 31% of respondents believe their risk response efforts are under-funded, According to the 2020 CSO Security Priorities Study.
- 38% said they will spend more on response planning.
- 30% will update and modernize business continuity plans.
- 28% were piloting zero-trust.
- 40% say it’s on their radar or they are evaluating options.
Cybersecurity hiring/staffing statistics and trends
With the increase in remote working and a reliance on technology tools and infrastructure, COVID-19 has shifted demand for certain roles, with an increased need for developers, as well as help desk and cybersecurity professionals, according to a study by Robert Half Technology. This is critical since according to 74% of workers they want to work remotely more frequently following the pandemic, regardless of their business’s hybrid work plans.
IT managers (44%) said they have shortened the hiring process as a direct result of COVID-19 trying to get in demand skilled tech workers in the door before they get poached by other firms. For companies that cannot bring in qualified people from the outside, 42% of companies plan to launch upskilling initiatives, said a Korn Ferry study.
The top three hiring changes Korn Ferry found US companies making due to COVID-19 were:
- Conducted remote interviews and onboarding (54%)
- Shortened the hiring process (42%)
- Advertised fully remote jobs (42%)
There is considerable debate on the internet about whether cybersecurity truly faces a shortage of qualified workers, or whether corporate hiring practices and preferences are creating that perception. Nevertheless, one widely cited stat is ISC2's finding that more than half (57%) of organizations surveyed face increased risks due to staffing challenges.