The Internet of Things (IoT) refers to the billions of physical devices around the world that are now connected to the internet. This includes any device that is readable, recognizable, locatable, addressable and/or controllable via the internet, from smartphones to smart watches to smart cars and smart home appliances. 2020 was a crazy and busy year for everyone, and this includes bad actors such as hackers. Last year broke all records for the number of cyber attacks and the amount of data lost to them. Governments, private businesses, and individual citizens were attacked more than ever before, due in large part to the increase in devices worldwide and the growth of the Internet of Things, as well as the expansion of the cyber-attack surface. It is estimated that by 2025 there will be 30 billion IoT connections worldwide and an average of 4 IoT connections per person.
The migration of many workers from secure office spaces to less secure home offices played a big role in the increase in data breaches for private businesses. According to Statista, during the coronavirus (COVID-19) pandemic approximately 44% of U.S.-based employees worked from home 5 or more days per week, up from 17% pre-pandemic. This number is estimated to come down slightly as 2021 comes to an end, but the data is clear that for the foreseeable future the cyber security attack surface has widened to nearly every employee's home internet connection.
In The State of Ransomware in the US: Report and Statistics 2020, Emsisoft claims US ransomware attacks cost an estimated $915 million in 2020, and that number is only projected to grow as ransomware attacks become more sophisticated. Ransomware attacks are making daily headlines as they wreak havoc on businesses and infrastructure such as Colonial Pipeline, as well as governments, healthcare organizations, and educational institutions. Almost 200 million ransomware attacks occurred in the first nine months of 2020, representing a large increase over the previous year. Average ransomware payments, however, have been decreasing since Q1 2021. This is due in part to the attention ransomware has received from corporate executives and governments after several news stories and hearings that followed the Colonial Pipeline attack.
According to the European Union Agency for Cybersecurity (ENISA), 20% of cybersecurity incidents in 2019 started or finished with a physical action, and a physical attack was the main method in 54% of all data breaches. None of this is helped by the fact that 65% of employees said they behaved in ways or adopted practices that may risk physical security. A recent news story involving a disgruntled student at The College of St. Rose in Albany, New York proved just how costly and dangerous physical attacks can be. Vishwanath Akuthota, an alumnus of the college, returned to campus in 2019 and used a "killer USB" device to destroy 59 Windows workstations and seven iMacs alongside "numerous monitors and digital podiums." This attack demonstrates the dangers of a physical breach. Inside threats are on the rise as well. Due to the increasing cost of other attacks, hackers are willing to offer large amounts of money to insiders. The cost of insider threats rose by 31% in 2020, and 40% of organizations in an ENISA Threat Landscape survey felt vulnerable to having confidential business information exposed by an inside threat.
Red Sea Information Security offers services in Penetration Testing, Auditing, Network Assessment, and Generalized Information Technology support, which includes Security Awareness Training for trends such as the ones mentioned above as well as many others. The growing cybersecurity landscape and the continuing sophistication of attacks require education and investment to make sure you or your organization can properly defend against such threats.