Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Cyber-Attacks Cost Global Firms $45bn in 2018

Cyber-criminals are getting better at monetizing their attacks, with $45bn lost last year alone in two million incidents, according to Internet Society’s Online Trust Alliance (OTA).

The group’s new Cyber Incident & Breach Trends Report comprises information from the FBI, Risk Based Security, the Identity Theft Resource Center and other sources.

It paints the picture of a rapidly maturing cybercrime economy in which both tried-and-tested and emerging techniques are being used in highly effective ways to generate illicit profits for the black hats.

One example of this is ransomware: although overall infections declined 20% from 2017 figures, losses spiked by 60% as attackers focused on higher value business targets.

As reported by the FBI, Business Email Compromise (BEC) has also become a major money-maker for cyber-criminals, netting them $1.3bn in 2018 – double the figure of a previous year.

The report also warned of a 78% increase in digital supply chain attacks of the sort seen with groups using Magecart code to infect e-commerce sites. It claimed that two-thirds of organizations have suffered an attack costing on average $1.1 million, and estimated that half of all cyber-attacks last year involved the supply chain.

Credential stuffing attacks were also highlighted as an urgent threat to address, given figures claiming there were 30bn malicious log-in attempts last year.

On the plus side, there was a 3.2% decrease in reported data breaches last year, and the number of exposed records also dropped in 2018 from the previous year.

Still, the Internet Society claimed that 95% of breaches are preventable. It urged all organizations to put in place a tested incident response plan, to train employees on an ongoing basis and to continually review security, data management and privacy practices.

The report contains a handy checklist for organizations to help them get “incident ready."

"While it’s tempting to celebrate a decreasing number of breaches overall, the findings of our report are grim,” said Jeff Wilbur, technical director of the Internet Society’s Online Trust Alliance. “Cyber-criminals are using their infiltration ability to focus on new, more lucrative attacks. Staying up-to-date on the latest security safeguards and best practices is crucial to preventing attacks in the future.”

What’s Hot on Infosecurity Magazine?