A Perfect Storm: 7 Reasons Global Attacks Will Soar in 2023
In 2023, the global annual cost of cyber crime is predicted to top $8 trillion, according to a recent Cybersecurity Ventures report. This seemingly enormous figure might still be a major underestimate.
In 2021, U.S. financial institutions lost nearly $1.2 billion in costs due to ransomware attacks alone. That was a nearly 200% increase over the previous year. If we continue at that rate, next year could see global costs approaching $16 trillion.
Why might costs be so high? Here are seven reasons why cyberattack rates and costs will rise dramatically in 2023.
The Cybersecurity Venture report correctly identified the talent crunch as a reason for concern. But the problem has even deeper roots. The worldwide economic outlook continues to face stiff headwinds. Inflation, the energy crisis and supply chain issues are affecting every industry. Inflation will increase the overall cost of cyber crime as preventive and remediation costs rise.
While inflation is not directly related to the number of incidents, it does impact company budget decisions. In response, some of the biggest tech brands are reducing headcounts and implementing hiring freezes. Meanwhile, security teams have been stretched thin for years. If security budgets don’t rise with inflation, security leaders will have even less buying power to implement strong security and capable teams.
Ransomware has plagued businesses, governments, individuals and organizations in nearly every sector. Now it’s easier than ever for threat actors to access powerful ransomware tools. Even with modest technical skills, criminals can launch attacks that can cost companies millions.
Ransomware and other malware can be purchased for as little as $66. You can even get a phishing kit for free on underground forums. Meanwhile, the global average cost of a data breach is $4.35 million. And the majority of targets are already victims of repeat attacks (83% have had more than one breach, as per IBM Cost of a Data Breach report). Since accessing malware services and kits has never been easier, attack rates are bound to rise substantially.
In 2021, the Russia-based REvil Ransomware-as-a-Service group was responsible for nearly 18,000 attack attempts in the U.S. alone. Members of the group were also behind the Colonial Pipeline attack. The cyber gang claimed to rake in annual revenues of over $100 million. Some might forget it was the Russian government that eventually took down REvil. Reportedly, the takedown was part of a rare collaborative effort between the United States and Russia.
Since the outbreak of the war in Ukraine, these kinds of collaborative efforts are less likely. The U.S. continues to increase cybersecurity collaborative efforts with friendly nations. But rising geopolitical tensions are already causing an increase in state-sponsored and politically driven attacks.
While the big, high-profile breaches fill headlines, many intruders prefer to target smaller organizations. Between 2020-2021, cyberattacks on small companies surged by more than 150%, according to RiskRecon, a Mastercard company that evaluates companies’ security risk.
The reasons behind this trend are twofold. For starters, smaller targets usually have weaker security. Also, high-profile targets like infrastructure or big corporations will likely attract a stronger law enforcement response. This means schools, local police departments, small government offices and businesses with less than 1,000 employees will continue to be attacked.
A recent report warns that the number of organizations with cyber insurance problems is set to double in 2023. They might be unable to afford cyber insurance, be declined coverage or experience significant coverage limitations.
Forrester commented on the situation in their Top Cybersecurity Threats for 2022 report. The firm predicts that it is likely that insurers will include new underwriting requirements and greater scrutiny of risk mitigation and security program maturity. The cyber insurance crisis is not only an indicator of rising risk. It will also place further pressure on businesses on the financial side in the event of a breach.
In 2021 there were a total of 11.3 billion IoT devices worldwide. This number will likely reach 15.1 billion in 2023. Meanwhile, as of 2022, 26% of U.S. employees work remotely. Current estimates expect 36.2 million American employees to be working remotely by 2025.
The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal sensitive data, cryptojack devices or build botnets. Intruders may even reach corporate assets from a device connected to a home network where remote work occurs.
The attack surface has never been greater and continues to expand rapidly. This means threat actors have even more places to probe and attack.
The world continues to suffer from a wide variety of conflicts. In the geopolitical realm, pro-Ukraine or pro-Russian hackers launch attacks with political motives. We also see the rise of environmental hacktivists targeting mining and oil companies.
According to one expert, hacktivism has become a mainstream force impacting millions of lives globally. “Hacking for a cause” incidents include the Democratic National Committee (DNC) email hack and the massive 2.6 TB Panama Papers leak. Hacktivism is a significant anti-establishment weapon promoting a diverse set of causes around the globe. And as street protests grow, online protests will grow as well.
These indicators all point towards a significant rise in cyberattacks and associated costs for 2023. Efforts to stem the tide are underway from both the public and private sectors. Let’s hope the good guys soon gain the upper hand.
Jonathan Reed is a freelance technology writer. For the last decade, he has written about a wide range of topics including cybersecurity, Industry 4.0, AI/ML…
3 min read – Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses…
4 min read – As with many other aspects of life and business, 2022 held fewer overall surprises in cybersecurity than in recent years — thank goodness. Instead, many trends brewing over the past few years began to take clearer form. Some were unexpected,…
5 min read – This post was made possible through the contributions of James Kainth, Joseph Lozowski, and Philip Pedersen. In November 2022, during an incident investigation involving a self-checkout point-of-sale (POS) system in Europe, IBM Security X-Force identified a novel technique employed by…
Recently, investigators at Mandiant discovered a new software platform with an intuitive interface. The service has tools to orchestrate and automate core campaign elements. Some of the platform’s features enable self-service customization and campaign tracking. Sounds like a typical Software-as-a-Service (SaaS) operation, right? Well, this time, it’s Caffeine, the latest Phishing-as-a-Service (PhaaS) platform. A basic subscription costs $250 a month; all you need is an email to sign up.How Caffeine PhaaS is DifferentPhaaS vendors advertise and sell their products as phishing…
In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…
In late 2021, the Apache Software Foundation disclosed a vulnerability that set off a panic across the global tech industry. The bug, known as Log4Shell, was found in the ubiquitous open-source logging library Log4j, and it exposed a huge swath of applications and services. Nearly anything from popular consumer and enterprise platforms to critical infrastructure and IoT devices was exposed. Over 35,000 Java packages were impacted by Log4j vulnerabilities. That’s over 8% of the Maven Central repository, the world’s largest…
Social engineering attacks have challenged cybersecurity for years. No matter how strong your digital security, authorized human users can always be manipulated into opening the door for a clever cyber attacker. Social engineering typically involves tricking an authorized user into taking an action that enables cyber attackers to bypass physical or digital security. One common trick is to trigger a victim’s anxiety to make them more careless. Attackers might pose as a victim’s bank, with an urgent message that their…
Analysis and insights from hundreds of the brightest minds in the cybersecurity industry to help you prove compliance, grow business and stop threats.