CyberGuide - Information Security and Cyber Risk Management



Network security disruptions double in first-half 2021: Advisen data

By Erin Ayers, Advisen

Network security incidents or disruptions grew from less than 10% of overall events to nearly 20% of events in the first half of 2021, according to a recent review of Advisen data.

During Advisen’s Q2 Cyber Risk Trends webinar, Aloysius Tan, product manager for Advisen, a Zywave company, discussed insights from the latest data (see below).

“This growth should come as no surprise, given the prevalence of network disruption and ransomware incidents over the past few months,” said Tan during the webinar. “What the chart does not show, however, is how these attacks have grown in scale and efficiency over the years.”

Technology errors and omissions events also showed an uptick in 2021. These events reflect operational failures resulting from errors or oversights in the implementation or maintenance of the organizations’ IT environment.

Did you miss Advisen’s Q2 2021 Quarterly Cyber Risk Trends webinar? Listen here!

Data privacy incidents make up the bulk of cyber incidents experienced by organizations. They have dropped slightly in 2021, but still make up about 65% of all events. Data privacy events include data breaches, social engineering, and skimming attacks, for example.

Privacy violations, which relate to various laws and regulations dealing with the collection and disclosure of information to a third party or contacting individuals or companies without their permission, have trended downward over the years. That may change, as high-profile events have attracted regulatory attention and consumer privacy laws and regulations continue to expand.

Sophisticated events that sidestep advanced cybersecurity controls to exploit trusted relationships are becoming more common, Tan noted.

“The Kaseya attack was highly efficient in that it exploited an authentication bypass vulnerability in the software to gain a foothold and proliferate down the supply chain. This is reminiscent of the SolarWinds attack at the end of last year, another supply chain attack that impacted a whole host of companies when they unknowingly installed systems updates containing malware that infected systems,” said Tan. “The WannaCry and NotPetya attacks of 2017 served as blueprints that highlighted the vulnerabilities of enterprise networks. The supply chain attacks we have seen over the past year, whether ransomware was involved or not, further highlight how software vulnerabilities can serve as a launchpad for attacks that can easily proliferate down the supply chain.”

A perennial target for cybercriminals, the finance and insurance sector, took a slight backseat to healthcare in the last 12 months. The “Other” category also increased with more cyber incident hitting the transportation and utilities industries. In Q2, the top 3 industries were healthcare, education, and public administration (see above).

“We continue to see the effects of the pandemic on the cyber landscape,” said Tan. “Healthcare and the public administration sector, which covers municipalities and various governmental entities, both bore the direct brunt of the pandemic, though in different way.”

Hackers were able to exploit the fact that these industries were distracted dealing with the pandemic as well as the likelihood that ransomware incidents would more likely than not be paid as these organizations could not afford to have their systems offline.

Much has been discussed of the expanded threat landscape due to working from home. However, the return to the office poses challenges as well.

“The transition back to the office environment, which many companies are planning to do later this fall, might bring with it a whole other set of risks as people bring their devices back to the office and connect them to the larger organizational infrastructure, putting systems at risk,” Tan noted.

In terms of the type of assets compromised in cyber events, the proportion of corporate assets doubled this quarter compared to last year, with a corresponding decrease in the proportion of personal financial information (PFI), according to Advisen data (see below). This category includes DDoS attacks, financial and digital assets such as company data or intellectual property.

“Hackers realize that corporate asset tend to be more valuable to companies than PFI data and have shifted their targets accordingly,” said Tan.

Personal identity information (PII) seemed to be falling out of favor with cybercriminals in the past, given the prevalence of data breaches and the low-effort, low-reward nature of the data. However, it has begun to creep steadily back up over the last two years, rising slightly higher than 2020 in the first half of 2021.

“This is interesting because while a lot of the focus tends to be on the big sophisticated cyber incidents that occur, we still are seeing a lot of these less advanced attacks take place,” said Tan. “At the end of the day, cyberattacks are an opportunistic enterprise. Hackers are looking to get into systems any way they can, and there is a lot of low-hanging fruit out there.”

Editor Erin Ayers can be reached at erin.ayers@zywave.com. Aloysius Tan can be reached at aloysius.tan@zywave.com.