It’s been a busy year for the cybersecurity industry. Cyberattacks have increased in number and sophistication, resulting in a host of high profile breaches. According to a new report by McAfee, the combination of financial loss and cybersecurity spending has cost the global economy an estimated $1 trillion in 2020. This estimate is a 50% increase from 2018. What is responsible for this dramatic increase, why are the costs so high and what trends should we expect to continue into 2021?
Why the increase?
One reason is that cybercriminals are using more effective techniques such as artificial intelligence and deepfakes. For example, machine learning engines can be trained with the data from successful cyberattacks, allowing the hacker to target vulnerabilities that have been found in similar operations. Similarly, AI-enabled deepfake technology can now produce synthetic audio recordings, leading to a rise of ultra-convincing voicemail phishing scams.
At the same time, the shift to working from home has created a cybersecurity challenge. Strictly maintained office IT security is often not upheld at home. Changes to procedures and increased use of personal devices causes weak links in the system for hackers to exploit. The combination of enhanced cyberattacks and a vulnerable cybersecurity defence creates an ideal hunting ground for cybercriminals.
Why is the cost so high?
According to McAfee, intellectual property theft and financial crime account for 2/3 of the monetary losses in a cyberattack, posing the most significant threat to companies. However, 92% of companies said that the damage went beyond the monetary. The biggest hidden cost of a cyberattack was the loss in productivity and work hours caused by business disruption during the incident. Other hidden costs included reduced efficiency, brand damage and loss of workplace morale. For example, the 2014 Sony hack resulted in internal issues being publicly aired, resulting in employees feeling a ‘leadership vacuum’ months after the hack.
Cyberattacks have a severe impact on a company that goes beyond the financial. Despite this, under half of companies have plans in place to both prevent and respond to cyber incidents. To make matters worse, budgets have been cut. Cybersecurity professionals are having to do more with less, making for a difficult landscape.
The attack on remote working is expected to continue. It’s much easier for cybercriminals to target common home devices rather than a secure office network. They then use these weak access points to gain lateral movement into the wider system. Attacks will also continue to focus on crucial industries such as healthcare. When the potential impact of a cyberattack is loss of life through failure to provide medical care, cybercriminals know that ransomware attacks are likely to result in a payoff, meaning these sectors are lucrative targets.
Cybercriminals are known for adapting their tactics to the landscape. 2020 has also seen a whirlwind of digital transformation with increased adoption of 5G, use of AI analytics and the cloud to enable remote work and increased demand for digital services. However, this brings new and unforeseen cybersecurity vulnerabilities, so we should expect to see more cyberattacks focusing on these new technologies.
To summarise, 2020 has seen an unprecedented rise in cyberattacks. This is somewhat explained by the combination of more effective attack techniques and cybersecurity issues caused by remote working. This pattern is expected to continue and expand to new technologies. Given the monetary and further business damage caused by these attacks, it’s vital for cybersecurity to adapt to these new challenges in 2021.