2021 Cyberattack Trends and 2022 Projections

Where we’ve been and where we’re headed

Rampant chaos is probably the best phrase to describe 2021 and projected 2022 cyberattack activity. As the ever-evolving threat of cyberattacks continues to escalate, cybercriminals are finding new ways to adapt, learn, and infiltrate smart devices, computers, systems, and network infrastructure. They are doing this with alarming precision and frequency. Their end game is to steal, manipulate or destroy critical data, hold organizations and agencies ransom, or simply cause catastrophic upheaval. Cybercriminals can also leverage a compromised system to further launch attacks against other computers or environments. 

Financial gain, swaying public opinion, and cyber warfare are just some of the desired outcomes that drive cyberattacks. Over the last three decades, cybercriminals have evolved from 1990s script kiddies into sophisticated criminals and groups with a war chest of technology, leverage, and resources.

 Like bullies, cybercriminals hide in the shadows of digital infrastructure, waiting to strike and exploit agencies, corporations, and individual weaknesses. At the same time, IT and cybersecurity teams grapple with how to prioritize resources to combat each new wave of advanced threats. In this effort, to be forewarned is to be forearmed.

 Tyler Technologies’ Cybersecurity team has compiled the following 2021 cyberattack statistics to provide greater insight into the cyberthreat landscape for 2022.

2021 Costs, Facts, and Outcomes of Cybercrime Incidents

2021 saw a wave of devastating cyberattacks that left organizations vulnerable to hacker demands. With names like DarkSide, REvil, Clop, Syrian Electronic Army, and FIN7, online criminal organizations sound like super villains right out of Marvel Comics. Truthfully, they are worse. Cybercriminals pose devastating threats to national security, local governments, corporations, and individuals. The unfortunate reality is that no one entity or individual is immune to being attacked. Sadly, society has become a sitting target for cybercrime activity.

  • In three years, cybercrime costs have impacted the global economy by nearly $1 trillion annually — 50% more than in 2018. That’s more than 1% of total Global GDP.
  • The average cost of ransomware attacks rose to $220,000 in 2021, up 43% from the fourth quarter of 2020.
  • The average cost of a data breach in 2021 was $4.42 million, up from $3.86 million in 2020.
  • A data breach compromising 1-10 million records costs an organization $50 million on average. Compromising 50 million records can cost as much as $392 million.
  • The average cost of a data breach was $2.45 million for organizations with fully deployed security automation, compared to $6.03 million for those lacking security automation, detection, and protocols.
  • Enterprises with efficient cyber-attack prevention strategies can save up to $1.4 million for each averted attack.

The Concerning State of Cyberthreat Preparedness in 2022

The staggering number of organizations still lacking effective incident response and prevention strategies and detection solutions is alarming. The question is, when is a firewall not enough? Short answer: It’s never enough. The most effective means of evading a threat is twofold: plan for it and detect it before the threat becomes a breach.

Simply using a firewall is akin to putting a lock on the front door of your house. It may stop an intruder momentarily, but it will eventually get picked. Agencies and organizations that are prepared and armed with effective cybersecurity practices, detection solutions, and protocols with trained incident response (IR) teams are unquestionably better protected from an external threat becoming a full-on breach.

  • Only 24% of cybersecurity professionals invest in cyberattack detection and prevention.
  • 56% of organizations do not have a cyber incident response plan.
  • 32% of the remaining 44% are not confident in the plan’s effectiveness.  
  • 46% of professionals consider the lack of security protocols for third-party access to internal data as one of the biggest hindrances to an effective data breach response.
  • 45% of IT professionals recognize account hijacking as their largest security concern.
  • 74% of organizations are not aware of the total number of digital keys and certificates they have.
  • 70% of office workers use their work devices for personal tasks.
  • 69% of employees use personal laptops or printers for work activities.
  • 30% of remote workers have let someone else use their work device.

Most Common Types of Cyberattacks and Their Impact

As cybercriminals evolve technologically, building upon an arsenal of tradecraft, skillset, and greed, 2022 is forecasted to surpass all records for cybercriminal activity. Based on trending cybercrime activity and organizational vulnerability, the most common threats projected to expose companies and their data in 2022 paint a genuinely concerning landscape. Leading types of attacks for 2022 will include malware, ransomware, phishing, DDoS, and cryptocurrency attacks.

Malware

Malware, a blanket term for all kinds of malicious software, is designed to damage computer systems. Types of malware range from viruses and trojans to worms, ransomware, adware, spyware, botnets, and rootkits. Since the 1970s, malware has been used for causing disruptions, extortion, implementing cyber warfare strategies, and much more.

  • In 2021, 34% of organizations suffered from security incidents involving malware.
  • Malware and spyware present the largest total cost damages for organizations, followed by data breaches.
  • The cost of 50,000 records compromised by malware is approximately $6.3 million.
  • Cybercriminals stole nearly 30 million user login credentials from almost one million websites through custom malware between 2019 and 2021.

Ransomware

Ransomware, a type of malware that encrypts files in an infected system, often displays a message that specifies an amount that must be paid to retrieve the encrypted files. Ransomware can either be downloaded by opening an email attachment or malicious file, or it can be self-propagating like a worm, making it even more difficult to contain.

  • Ransomware accounted for 27% of the data breaches involving malware infections.
  • Damages incurred by ransomware reached $20 billion in 2021, 57 times higher than damages in 2015.
  • The average ransom paid by organizations nearly tripled from $115,123 in 2019 to $312,493 in 2020.
  • The FBI reported an increase of more than 225% in total losses from ransomware in the U.S. in 2020.
  • 80% of organizations that paid a ransom were hit by a second attack, with nearly half being hit by the same threat group.

Phishing

One of the most prevalent forms of cyberattacks is phishing. It involves a malicious actor impersonating a trustworthy entity to obtain data. Such attacks are launched via websites, emails, or other means. Attackers either trick victims into providing sensitive information, like credit card information or passwords, or into downloading malicious attachments. 

  • 38% of cyberattacks on U.S. companies involve phishing. 
  • 38% of end-users without cybersecurity awareness training fail phishing tests.
  • Over two million phishing sites were detected by Google in 2021.
  • A new phishing site is launched every 20 seconds.
  • Approximately 5% of all emails are phishing.
  • Non-executive accounts are targeted 77% more than other accounts.

DDoS

A distributed denial-of-service (DDoS) attack is a cyberattack that disrupts the availability of online systems or services by overwhelming servers with massive volumes of request traffic. To launch a DDoS attack, attackers take control of multiple computer systems, including IoT devices.

  • The number of DDoS attacks is expected to reach 14.5 million by 2022. 
  • More than 90% of DDoS attacks in the third quarter of 2020 lasted fewer than four hours, indicating how DDoS attacks are becoming less prolonged but more frequent and intense.
  • The worldwide spending on IoT security is expected to reach $3.1 billion in 2021. 
  • As many as 5,200 cyberattacks are launched against IoT devices each month.

Cryptocurrency Statistics

Cybercriminals are hijacking victims’ computing resources to mine cryptocurrency, a practice known as cryptojacking. They either infect a website with cryptomining code or simply convince a user to download a malicious file or click on a malicious link.

  • Cryptojacking comprises 2.5% of all malware attacks.
  • Approximately $1.4 billion in cryptocurrency was stolen in the first half of 2020. 
  • Cryptojacking escalated by 163% in Q2 of 2020, as compared to Q1. 

Most Impactful Cyberattacks and Data Breaches of 2021

As with every year, 2021 had its share of data breaches and security incidents, impacting many organizations globally. The Log4j vulnerability that became public on December 10, 2021, quickly established itself as one of the most significant security threats of the year, though it was far from the only issue engaging security teams.

 These attacks and the data above reinforce the challenges agencies, local governments, and organizations faced in 2021 — and without a doubt will continue to face in 2022. Below are three of the most impactful breaches, attacks, and vulnerabilities of 2021.

  • The Colonial Pipeline attack is the most infamous of 2021. A Russia-based hacking group called DarkSide claimed responsibility for the attack. DarkSide successfully carried out the attack by focusing on Colonial Pipeline’s IT servers in its operational SCADA stack. Attackers infiltrated the network and sent compressed malware into the system, resulting in the temporary shutdown of the pipeline. A ransom of $4.4 million was paid (75 bitcoin at the time of payment, although $2.3 million was later recovered).
  • CNA Financial is one of the largest insurance companies in the United States. The company announced that it had fallen victim to a sophisticated cyberattack in late March 2021. The company negotiated its ransom to $40 million and paid for the decryption key that it needed to continue operations. A cybercrime syndicate used a type of malware called Phoenix CryptoLocker.
  • In May of 2021, the computer manufacturer Acer was attacked by the REvil hacker group, the same group responsible for an attack on London foreign exchange firm Travelex. The $50 million ransom stood out as the largest known to date. REvil hackers exploited a vulnerability in a Microsoft Exchange server to get access to Acer’s files, leaking images of sensitive financial documents and spreadsheets. 

The Cybercrime Future for 2022 and Beyond

As we enter 2022, the question is not if an attack will happen, but how prepared an organization is when an attack inevitably occurs. Favored tools of cybercriminals will continue to focus on social engineering, hacking, and malware. In 2022, it is estimated that organizations will fall victim to a ransomware attack every 11 seconds. Threat readiness, detection, and response are the keys to protecting organizations in today’s highly volatile digital environment.

  • Cyberattacks are expected to cost organizations $8 trillion globally in 2022 and are estimated to cost $10.5 trillion by 2025.
  • The sophistication and scale of cyberattacks will continue to break records. We can expect a rapid increase in the number of ransomware and mobile attacks.
  • Global ransomware damage costs are predicted to surpass $20 billion in 2022 and reach $265 billion by 2031.
  • Deepfake attacks will become a more-utilized method for hackers in 2022.
  • Global spending on cybersecurity is forecasted to reach $133.7 billion in 2022.

What to Do and How to Prepare

There is foreboding and concern that cybercrime activity is forecast to surpass record levels, with indiscriminate threats. This means no one is immune to the risk of a breach. Fortunately, organizations can protect themselves against escalating threats with measures such as firewalls, anti-virus software, and intrusion detection solutions, along with advisory and assurance planning, testing, and employee training. The most effective approach is to not only adopt comprehensive security processes and protocols at every level of the IT stack, but also include all business processes in that approach.

 Tyler Technologies’ team of cybersecurity professionals offers the following suggestions to assist organizations in proactively addressing potential weaknesses before they can be leveraged by attackers.

  1. Know your vulnerabilities, act proactively, and react quickly. Simply put, have a plan in place. For security teams operating in today’s environment, visibility, knowledge, and speed are critical to blocking attackers whose sole intent is to steal data and disrupt operations. Organizations must establish consistent visibility of all environments and be actively prepared to address potential vulnerabilities before they can be leveraged by attackers.
  2. Protect staff identities and access. Organizations are strongly encouraged to consider mandatory multifactor authentication (MFA) on public-facing employee services and portals. Additionally, a dynamic privilege access management process limits damage if an organization is breached and reduces lateral movement. Adopt Zero Trust solutions to compartmentalize and restrict data access to high-value information.
  3. Invest in threat detection solutions. Interactive attacks are designed to bypass automated monitoring and detection. Analyst surveillance, combined with artificial intelligence and machine learning, is the most effective means to detect and prevent sophisticated or persistent attacks.
  4. Stay a step ahead of attackers. Behind every attack is a human being. Understanding an attacker’s motivation and intent can be utilized to an organization’s advantage to predict and prevent future attacks.
  5. Make sure your cybersecurity policy, procedures, and protocols are current. Security policies need to be applicable to the ever-evolving cybercrime landscape. Make sure to address the use of personal devices, updates to data privacy protocols, and access to valuable information, including access management for remote workers.
  6. Establish a cybersecurity-driven culture. Just as technology is critical in the fight to detect and stop intrusions, the education and actions of end users play a critical role in effective cybersecurity practices. Inform and educate employees and inform again. Best-in-practice cybersecurity behaviors can be the difference between an attack and a breach.

 A rapidly accelerating digital transformation continues to reshape business and government processes in response to escalating cyberthreats. Familiar themes of remote work, supply chain, new ransomware, and mobile threats remain. Ultimately in 2022, cyberattacks will arrive with a vengeance. In the end, specific outcomes will boil down to how well organizations are prepared to detect, respond to, and stop cyberattacks before they become catastrophic breaches. 

 

 

 

 

 
