Cyber attacks are becoming more frequent, more sophisticated and more costly, according to a Accenture and Ponemon Institute report.
The Ninth Annual Cost of Cybercrime Study found that the average cost of cyber crime rose from $11.7 million (about £8.6 million) in 2017 to $13 million (£10.3 million) the following year.
This represents a 12% increase year-on-year and a 73% increase over a five-year span, demonstrating how rapidly the cost of cyber crime is growing.
There has been a similar jump in the number of incidents organisations experience, with an 11% increase year-on-year and a 67% increase between 2013 and 2018.
Perhaps the most concerning find is how cyber criminals have evolved their attacks, with traditional hacking methods being replaced by targeted attacks on employees.
Your weakest link
Employees are often referred to as an organisation’s weakest link, because there is always the risk that they will misappropriate sensitive information or put it at risk.
For example, they might fall for a phishing scam, fail to apply appropriate defences, accidentally delete sensitive information or dispose of it.
Incidents like these are particularly dangerous because there is only so much organisations can do to prevent them. Besides staff awareness training, you must rely on strict information security policies and hope that employees follow them.
It’s no surprise, then, that cyber criminals are increasingly targeting staff. This has primarily been through ransomware, which is typically delivered through infected attachments in phishing emails.
The study found that the number of organisations that reported a ransomware attack increased by 15% between 2017 and 2018, and the average cost rose by 21%.
Ransomware and malicious insiders are the fastest-growing attack methods in terms of cost.
There has also been a sharp increase in the cost of incidents caused by malicious insiders, up 15% in 2018. There are a couple of reasons that a current or former employee would target their own organisation.
Perhaps they were passed over for a promotion or were recently fired and want to hit back at their employer. Alternatively, the attack could be financially motivated, with the insider stealing information to commit fraud or sell on the dark web.
Compromising sensitive data
The report also found that there is a growing trend of attacks that aren’t intended to steal personal data but to compromise it.
Attacking data integrity, by destroying or sabotaging the data, can be far more damaging to an organisation than a standard data breach. This is particularly the case with ransomware attacks, in which organisations must audit the extent of the damage and determine if any information was altered.
This is something individuals should also be aware of when they read about security incidents. Organisations often downplay the severity of a cyber attack by assuring customers that no personal data was stolen.
However, this doesn’t mean the attack wasn’t successful – or that customers won’t be impacted.
Are your employees prepared?
Your employees’ ability to spot scams and respond appropriately is one of the most important factors in your cyber security practices.
There is only so much that technology can do to mitigate this risk, so it’s vital that you invest the same effort in boosting staff awareness as you do in the likes of antivirus software and penetration testing.
Our Complete Staff Awareness E-learning Suite is an ideal place to start. This comprehensive set of training courses will empower your employees to make better security decisions.