January 30, 2018 By Larry Loeb 2 min read

2017 was another record year for cybercrime. According to the Online Trust Alliance (OTA), the number of cybersecurity incidents nearly doubled from the previous year. This led Jeff Wilbur, director of the OTA initiative at the Internet Society, to call it the “worst year ever in data breaches.”

The group’s “Cyber Incident & Breach Trends Report” attributed this massive surge — from about 82,000 incidents in 2016 to an estimated 160,000 in 2017 — to the unprecedented rise of ransomware, which accounted for 134,000 attacks. Even worse, the report noted that the total number of attacks could actually be as high as 350,000, since many breaches go unreported.

Another Record Year for Cybersecurity Incidents

The rise in incidents is due in large part to several novel attacks methods that emerged or ramped up in the past year. The FBI estimated that business email compromise (BEC), for example, cost companies around the world $5.3 billion, as cited in the report. Ransom denial-of-service (RDoS) activity, in which fraudsters threaten to direct overwhelming amounts of traffic to target websites unless domain owners pay a ransom, also spiked in 2017.

Of course, high-profile ransomware attacks such as WannaCry and NotPetya also contributed to 2017’s eye-popping cybercrime statistics. The former, which the OTA called “one of the most widespread and devastating attacks in history,” infected 300,000 computers across 150 countries, halting operations at organizations around the world. The latter similarly affected hundreds of thousands of endpoints in more than 100 countries.

According to the Ponemon Institute and IBM’s “2017 Cost of Data Breach Study,” the average cost of a data breach was $3.62 million in 2017, up 10 percent from the previous year. The U.S. alone lost an average of $7.35 million per incident, a 5 percent increase from 2016.

Overall, the report noted a marked increase in cybercrime across all categories, including the number of breaches, number of records exposed, and breadth of countries and organizations impacted.

Poor Security Awareness to Blame

The most alarming statistic cited in the report is the fact that 93 percent of incidents could have been prevented by following basic security best practices, such as patching software and conducting phishing training. While 52 percent of breaches were the result of “actual hacks,” 15 percent were due to lack of security software, 11 percent were caused by insufficient insider threat oversight and 8 percent due to phishing attacks.

These numbers suggest an urgent need for greater security awareness. More effective training and more thorough incident response planning can help mitigate these threats and avoid the monumental costs associated with them.

More from

When ransomware kills: Attacks on healthcare facilities

4 min read - As ransomware attacks continue to escalate, their toll is often measured in data loss and financial strain. But what about the loss of human life? Nowhere is the ransomware threat more acute than in the healthcare sector, where patients’ lives are literally on the line.Since 2015, there has been a staggering increase in ransomware attacks on healthcare facilities. And the impacts are severe: Diverted emergency services, delayed critical treatments and even fatalities. Meanwhile, the pledge some ransomware groups made during…

AI and cloud vulnerabilities aren’t the only threats facing CISOs today

6 min read - With cloud infrastructure and, more recently, artificial intelligence (AI) systems becoming prime targets for attackers, security leaders are laser-focused on defending these high-profile areas. They’re right to do so, too, as cyber criminals turn to new and emerging technologies to launch and scale ever more sophisticated attacks.However, this heightened attention to emerging threats makes it easy to overlook traditional attack vectors, such as human-driven social engineering and vulnerabilities in physical security.As adversaries exploit an ever-wider range of potential entry points…

4 trends in software supply chain security

4 min read - Some of the biggest and most infamous cyberattacks of the past decade were caused by a security breakdown in the software supply chain. SolarWinds was probably the most well-known, but it was not alone. Incidents against companies like Equifax and tools like MOVEit also wreaked havoc for organizations and customers whose sensitive information was compromised.Expect to see more software supply chain attacks moving forward. According to ReversingLabs' The State of Software Supply Chain Security 2024 study, attacks against the software…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today