Cost of data breach 2022
The IBM Cost of a Data Breach Report 2022 showed some interesting statistics indicating how challenging 2022 was for cyber experts. For the first time, 83% of organizations had more than one data breach. These data breaches led to 60% of organizations increasing prices passed on to customers.
On average, the total cost of a data breach in 2022 was $4.35 million, reaching an all-time high. That is a 2.6% increase in costs compared to 2021 and a 12.7% increase compared to 2020.
Ransomware attacks saw the greatest growth, with a whopping 41% growth rate. The average cost for this type of cyber attack actually fell, from $4.62 million in 2021 to $4.54 million.
Let’s dive into the three biggest data breaches in 2022.
- Conti Costa Rica Ransomware
The state of Costa Rica was attacked by Conti in April 2022, with over 600 GB of data estimated to have been stolen and leaked online. The government even declared a state of emergency as a result of this breach, while the US jumped in to offer a $15 million bounty for the arrest of the hackers that perpetrated this attack.
As a side note, Conti is a ransomware-as-a-service operation that infects systems and asks for a ransom to return control of the system to the user. The threat group Wizard Spider is allegedly behind the creation of this “virus.”
- Crypto.com theft
January 17 was not a good day for the crypto trading platform Crypto.com as hackers made out with $18 million worth of Bitcoin and $15 million of Ethereum, as well as other cryptocurrencies. An additional troubling development was that hackers managed to bypass two-factor authentication and access users’ wallets directly.
While Crypto.com initially claimed that it was just an “incident,” in the end, they confirmed that users’ funds were stolen and that they had to reimburse their users.
- Oktapus spree
Over the summer, a group called Oktapus performed a massive phishing run across more than 130 organizations, most in the US. It is believed that 10,000 accounts were compromised by this group. Hackers sent users text messages with malicious links that led to fake authentication sites. Twilio, a large US company, saw the worst of this attack, as its users’ data was breached.
Besides these “commercial” hacks, the biggest threat in 2022 loomed large over Ukraine as the country found itself in the midst of a war that was followed up by cyber warfare.
War in Ukraine
The beginning of the year was marked by a new type of security threat to users across the globe, and that is the war in Ukraine. Signs of a new malware emerged, which was reportedly being specifically built for Russia’s cyber warfare against Ukraine. As the war intensified, the Cybersecurity & Infrastructure Security Agency (CISA) came out with a joint statement with the FBI and NSA to help organizations understand the threats that state attackers pose.
Based on the reports of the attacks, the intruders managed to steal valuable information from Ukrainian government and infrastructure networks. However, they also left traces and playbooks of their attacks. This allowed cyber security companies to publish detailed accounts of the attacks and the steps individual users can take to avoid becoming a victim of them.
Worldwide cybercrime statistics for 2022
The UK saw the highest number of cybercrime victims per million users in 2022 (4783 users per million Internet users), with an increase of 40% compared to 2020. The UK and the US have disproportionately more cybercrime per million users than other countries. For example, in 2021, the US had 759% more victims than their neighbors in Canada.
On the other hand, the National Cyber Security Index (NCSI) shows which countries have the highest rating and lowest number of cybercrime victims. Greece, Lithuania, Belgium, Estonia, and the Czech Republic dominate the top five. Interestingly, the UK takes the 22nd position and the US 43rd out of the total 161 countries on the list.
Source: NCSI
When it comes to data breach statistics, China, Japan, and South Korea dominated the negative headlines. Between Q2 and Q3 of 2022, China saw a 4852% increase in data breaches or 14,157,775 breached accounts; Japan saw a 1423% increase in data breaches or 1,246,373 accounts breached; and South Korea saw a 1007% increase in data breaches or 1,669,124 accounts breached.
During that same time period, Sri Lanka, Myanmar, and Iraq saw the largest decrease in data breaches, a 99%, 82%, and 78% decrease, respectively. But let’s turn now to 2023, to see what the experts believe will be the dominant trend in cybersecurity circles for the new year.
What can we expect in 2023?
According to the European Union Agency for Cybersecurity (ENISA) report for 2022, the cybersecurity landscape was dominated by state-sponsored cybercrime, hacktivists, and other prominent threat actors. Due to economic hardships, there is a belief that a similar situation will play out in 2023. But are there specific cybersecurity trends that individuals should track? As a matter of fact, yes, and here are some worth keeping an eye on.
- Economic hardships equal more cybercrime (beware of ransomware)
History has shown us that uncertain economic times bring more criminal activity, and with an uncertain economic climate surrounding the new year, more cybercrime is expected. More specifically, ransomware attacks, which proliferated in 2022, are expected to continue their relentless march toward unsuspecting victims.
- Banding together to fight crime
As the concern around cybercrime grows and as it becomes increasingly difficult to keep attackers at bay, we may see countries and organizations band together to fight cybercrime. The EU issued the NIS 2 Directive, which, among other things, puts a special focus on enhancing collaboration at the Union level. Large software companies are also stepping up to jointly fight against complex cybersecurity threats, with Microsoft trying to take the lead role in this effort.
- Companies to spend more on security
Work from home is here to stay, and with that comes a new slew of cyber security issues. While companies did jump on the “VPN bandwagon” to offer their own virtual networks to which users connect, the fact that home routers are not as protected may pose a new challenge. With this, it is expected that companies will continue to invest in cyber security and training of their employees, which in the long run may just decrease the number of victims.
Final words
End users are obviously under threat each time they log onto the Internet, as evidenced by the growing number of victims. Companies are also under pressure as ransomware attacks and data breaches increase. While there is certainly a technical element to these threats, eliminating the “human factor” from the equation is the greatest defense.
This means that the end user needs to be educated enough about the malicious techniques used by cybercriminals and practice good password management. Staying vigilant and not giving away one’s personal information freely online or offline can also help stay protected from criminals. With all this said, 2023 could be another challenging year for cybersecurity experts and users. Let’s hope that expert predictions are wrong and 2023 will be a mild year, with none of us losing any real value in cyberspace.