How Do Companies Respond After a Cyberattack?

The coronavirus pandemic has accelerated digital transformation. More organizations than ever before have migrated to the cloud so that work-from-home policies can be enforced. However, this has increased the risk of cyberattacks. Since remote workers do not use secured networks and opt for unsanctioned personal devices for accessing corporate resources, companies must implement strict security measures to prevent financially motivated cybercriminals from taking advantage of the vulnerabilities.

Unfortunately, many organizations have pushed cybersecurity to the side and have deployed new digital business models that have made cyberattacks successful. For instance, brute force attacks, social engineering attacks, and credential stuffing continue to be used to attack organizations. Liquid Web conducted a study involving 500 participants who suffered some form of cyberattack between 1st June, 2020 and 31st May, 2021 to gain insights into the ongoing threat of cyberattacks. The survey revealed the eye-opening findings listed below.

  • Over 2 out of 3 respondents stated cybersecurity increased in priority.
  • 2% of the respondents had servers affected for 1 month or even longer.
  • 6% of the participants spent more money to acquire protective software after an attack.
  • 4% of those surveyed lost around $100,000 to $1 million in revenue due to a cyberattack.
  • 4% of those surveyed have made cybersecurity their number one priority after the attack.
  • 4% hired more employees to defend against future cyberattacks.

 

What Is A Cyberattack?

The findings from the survey have alerted organizations to take cybersecurity seriously. Before we dive deeper into the matter, it is important to understand what a cyberattack is. In the simplest terms, it is an attempt by a cybercriminal to gain unauthorized access to a network, system, or computer. There are various motives behind these attacks, including controlling or disabling computer systems, or manipulating and stealing confidential data.

Some of the most common types of cyberattacks include distributed denial of service, ransomware, malware, and phishing. The FBI’s Internet Crime Complaint Center (IC3) reported that cyberattacks cost $4.2 billion in 2020 alone. It also noted that cyberattacks mostly consisted of phishing-based scams.

 

Vital Information from the Liquid Web Cybersecurity Actions and Attitudes Study

Only participants from the US who claimed that they had suffered a cyberattack during the period of 2020 to early 2021 were surveyed. The key demographics of the study group are listed below.

Age Groups

  • 54 (7.8%)
  • 45-54 (10.8%)
  • 35-44 (50.2%)
  • 25-34 (20.2%)
  • 18-24 (11.0%)

Gender

  • Male: 290 or 58% of the respondents surveyed
  • Female: 210 or 42% of the respondents surveyed

Organization Roles

  • CEOs, Presidents, or Chairpersons: 77 or 15.4% of the respondents surveyed
  • Chief Technical Officers: 24 or 4.8% of the respondents surveyed
  • Directors: 81 or 16.2% of the respondents surveyed
  • C-Level Executives: 132 or 26.4% of the respondents surveyed
  • Technical Staff: 186 or 37.2% of the respondents surveyed

 

Findings

  1. Phishing Is the Go-To Tactic

One of the main findings of the study is that phishing is the go-to tactic among cybercriminals. Brute force attacks are also common. Verizon’s 2021 Data Breach Investigations Report showed an increase in Covid-19-related phishing scams and brute force attacks. A brute force attack is a tactic in which cybercriminals try different combinations of usernames and passwords to find out which one works. Phishing was reported at 31.4%, brute force attacks at 25.4%, and malware at 20.4%.

  2. Over 20% of Respondents Were Impacted for a Month or Longer

Another finding to consider is that 21.2% were impacted for a month or longer. Even though a majority of the participants were only affected for 12 hours or less, a massive 21.2% reported an impact on their servers or systems exceeding 1 month, which is a lot of time. Some even reported being affected for more than 6 months.

  3. Financial Services, Government, and Healthcare Sectors Are Most Likely to Experience Cyberattacks

Most of the participants in the financial services, government, and healthcare sectors had experienced some type of cyberattack and knew what it entailed. However, participants who claimed that they did not know what a cyberattack was felt confident that they could protect themselves against cybersecurity risks.

  4. More Than 76.6% Have Increased Spending on Protective Software since Their Cyberattack

A notable finding that most businesses can learn from is that a majority of participants have started spending more on protective software since they encountered a cyberattack. Gartner has reported that information security and risk management technology will see an increase in investment. A massive 76.6% of the participants claimed that they were spending more than before.

  5. Nearly Every Participant Experienced Revenue Loss Irrespective of Whether the Attack Was Successful or Not

Just about every participant also observed revenue loss due to an attack. Even though 55% of participants claim that the cyberattack was unsuccessful, all of them have experienced some kind of revenue loss. The reason behind this is that cyberattacks comprise data damage, stolen money, and IP theft.

  6. Cybersecurity Priorities Remained the Same for Nearly 20% after the Attack

36.4% of the participants made cybersecurity a top priority after a cyberattack, whereas about 20% of the participants kept cybersecurity as a main priority. It shows that companies are aware of the risk of a cyberattack.

  7. 74% of Respondents Invested More in Cybersecurity Education Protocols and Rollouts Following the Attack

Organizations that encounter a cyberattack are more likely to invest in cybersecurity education protocols and rollouts afterwards. 74% of the participants claimed that their company is investing more resources in governance frameworks and training to prevent future attacks.

  8. Demand for Cybersecurity Professionals Is High

Finally, it is important to note that the demand for information security professionals is expected to increase to 31% by 2029 according to the US Bureau of Labor Statistics. 62.4% of the participants surveyed claim that they are increasing cybersecurity staffing to prevent cyberattacks.

 

Conclusion

Once you have finished reading our post, you will come to know that cyberattacks are becoming more common than ever before. It is the perfect time to improve your cybersecurity capabilities by investing in the right personnel.