- In 2021, the total number of data breaches has already exceeded last year’s total by 17%
- The COVID-19 pandemic has brought a new wave of hacker tactics
- Security preparedness includes privacy management
Trends in cyberattacks and how privacy preparedness can save valuable time, costs, and consumer trust.
Recently the Identity Theft Resource Center indicated that in 2021, the number of data breaches has already exceeded last year’s total by 17%. While this data only reflects the totals through Q3, the pace at which data breaches are occurring this year may outstrip that of 2017, which saw an all-time high of 1529 breaches.
Data security is a paramount concern for both individuals and companies, and investigations into this year’s high number of breaches have revealed that phishing and ransomware are the chief contributors to the ongoing spike. Ransomware in particular has garnered increased attention as a data security and privacy concern in 2021.
As described by Caitlin Fennessy of the International Association of Privacy Professionals, “the full nature of the ransomware scourge is impossible to quantify given the lack of reporting obligations and the shadowy nature of ransomware payments.”
In line with Fennessy’s statements, data breach reporting obligations are based on what legally constitutes a breach (and therefore requires notification), which varies from state to state. In addition, paying the ransom to retrieve the stolen data “is legal in most circumstances,” and “remains a business decision” based on the legal and financial factors that corporate leaders consider when a ransom is demanded.
The Increasing Cost and Likelihood of Data Breaches
According to Forbes magazine, the average cost of a data breach is now $4.24 million, an increase of nearly 10% since the pre-COVID era. It is urgently important for companies to adopt effective methods of dealing with ransomware attacks, as this form of security threat represents the future of hacking.
In fact, in the first half of 2021, ransomware attacks occurred 93% more frequently than they did in the same period of 2020. This spike is expected to continue accelerating. PricewaterhouseCoopers tells us that 64% of CISOs and CEOs expect more ransomware attacks in the second half of 2021 than in the first.
Considering the steep increase that this year has already seen, it is clear why companies should begin taking measures to prevent this newly ascendant method of digital blackmail.
However, the same source tells us that over half of the same corporate leaders report they still have not mitigated the risks associated with the increased prevalence of remote work, digitization of information, and increased utilization of cloud storage that have all come about as results of the pandemic.
New Hacker Tactics Arise During COVID-19 Pandemic
While it is tempting to blame the increased use of these technologies in this era of stay-at-home work for the dramatic increase in the frequency of ransomware attacks, it is also worth noting that a dark web culture of RaaS, or ransomware-as-a-service, is creating communities of hackers who are cooperating to extort companies using data exfiltration software.
According to Mitch Mellard, principal threat intelligence analyst at Talion, who is quoted by Emma Woollacott in an article for The Register, these organized hacker communities work like companies, recruiting affiliates through the dark web, where “they proudly link to online infosec publications specifically discussing their strain like a badge of honour, like a mundane software store would display positive reviews from tech publications.”
One favored tactic of these criminal organizations is the continued targeting of healthcare providers, whom they hold to ransom over their clients’ confidential health information.
Security Preparedness Includes Privacy Management
In short, the future looks unpredictable for companies and institutions who want to protect their data from ransomware and other forms of computer hacking as we move through Q4 of 2021 and into 2022.
One of the primary questions facing corporate leaders in the wake of an attack is whether to notify the relevant authorities – in other words, whether the breach meets notification requirements under local law. The effort of analyzing the data manually in order to make such a decision is in and of itself a daunting proposition.
Luckily, RadarFirst has developed software to answer just that question. Radar Intelligent Incident Response is the only software designed to give corporate leaders a definitive answer when trying to assess whether a breach requires notification.
Radar automates privacy risk assessment and is continually updated to reflect changes in regulation, providing corporate leadership with accurate notification obligations faster and more consistently than manual risk assessment.
Radar also saves time by keeping track of and interpreting privacy regulations, freeing up company resources to respond in faster and more effective ways.
Radar has a track record of demonstrable return on investment, saving companies time and money in multiple ways. Not only does Intelligent Incident Response help companies avoid penalties for breaches that do not incur a notification obligation, but it increases the speed of resolution while improving rather than compromising accuracy.