A new report detailing 2020 cybersecurity trends reveals that Covid-19-induced changes in online activity, most notably the massive shift to remote working, created fertile ground for cyberattacks. Worse yet, many of these trends have carried over into 2021 as work-at-home remains the status quo in many countries.
According to “Global Year in Breach 2021” report released by cybersecurity specialist ID Agent in March, a combination of overworked IT professionals, inadequate security measures, and an underlying recession all contributed to a record-breaking year for phishing and ransomware threats in 2020. Drawing from ID Agent’s own internal data, the report paints a concerning picture of how global events can quickly translate into increased security vulnerabilities.
Among the report’s key findings:
- Phishing attacks, in which e-mails appearing to be from well-known companies are actually sent by malicious actors seeking to obtain access to personal information such as passwords and credit card numbers, increased more than 660% from 2019.
- Over 90% of US businesses experienced a cybersecurity incident like a data breach in 2020 due to a third-party or supply-chain fault. The US suffered the most because of two particularly bad breaches, but worldwide figures weren’t much better – worldwide, over 60% of data breaches were due to third-party exposure.
- Remote workers – who frequently were sent home without adequate work-from-home security training – were the cause of half of all data breaches, and 60% of remote workers unwittingly interacted with phishing e-mails.
- The massive increase in phishing attacks resulted in an even larger 715% increase in ransomware attacks, in which unknowingly-downloaded malicious software blocks computer access until a sum of money is paid.
- So-called “dark web” activity (hard-to-trace illegal activity on the dark corners of the Internet) jumped by 44% in 2020, driving an 80% jump in overall cybercrime. ID Agent estimates that two in five small-medium businesses (SMBs) were impacted by cybercrime last year.
Unfortunately ID Agent expects the cybercriminal environment to worsen in 2021 as some enterprises choose to move to remote work permanently, while others move to hybrid work environments.
Once again, phishing is expected to be the primary culprit of cyberattacks, unless companies can do a better job teaching their employees not to take the bait.