Ranked: The Top Cyberattacks Against Businesses
Cyberattacks hit a record high in 2021, continuing the momentum that had developed during the COVID-19 pandemic. One reason for this increase is the shift to remote work, which has opened up new vulnerabilities. Home networks are typically less secure, and the rapid rise in the use of online services means security is falling behind.
In this graphic sponsored by Global X ETFs, we’ve visualized survey results showing the 10 most successful types of cyberattacks in 2021.
The Results
These results are from a 2021 whitepaper by Osterman Research, a market research firm focused on cybersecurity. They surveyed 130 cybersecurity professionals from mid and large-sized organizations to see which types of attacks were the most prominent.
Type of Attack | Percentage of respondents (%) |
Business email attack was successful in tricking a lower-level employee | 53% |
Phishing message resulted in a malware infection | 49% |
Phishing message resulted in an account being compromised | 47% |
Domain name was spoofed to perpetrate phishing campaigns | 38% |
Ransomware was detected before it could be activated | 34% |
Business email attack was successful in tricking a senior executive | 28% |
Domain name impersonation resulted in a third-party being compromised | 16% |
Phishing message resulted in a ransomware infection | 14% |
A ransomware attack was successfully launched | 10% |
A ransomware attack rendered internal IT systems non-operational | 10% |
Source: Osterman Research (2021)
The report notes that these figures may be understated because organizations are likely to downplay their security incidents. Organizations may also lack the capability to detect all types of cyberattacks.
The Impact of Phishing Attacks
Phishing refers to an attack where the perpetrator pretends to be a trusted entity. These attacks can be carried out over email, text message (SMS), and even social media apps. The goal is often to trick the victim into opening a malicious link.
According to the whitepaper, opening malicious links can result in credential theft or ransomware infections. Credential theft is when attackers gain access to internal systems. This is incredibly dangerous, as it allows attackers to commit fraud, impersonate company officials, and steal data.
A powerful tool for preventing credential theft is multi-factor authentication (MFA). This method requires users to provide multiple verification factors to access a resource (instead of a single password).
The Threat of Ransomware
Ransomware is a type of cyberattack that involves blackmail, often for financial gain. For ransomware to be successfully planted, attackers must first gain access to a company’s networks.
Access can be gained through phishing, as discussed above, or alternate means such as compromised software updates. One such attack impacted over 57,000 Asus laptop owners in Russia after hackers created a malicious update tool on an official Asus server.
Cybercriminals have become increasingly ruthless in how ransomware attacks are executed.
– Osterman Research
Researchers have warned that ransomware attacks are becoming more dangerous and sophisticated. In addition to locking organizations out from core systems, hackers are also stealing data to increase their leverage. If a ransom is not paid, the stolen data may be published or even sold to the highest bidder.
Under Siege
The rising frequency and sophistication of cybercriminal activity is a major threat to the world.
According to the World Economic Forum’s 2022 Global Risks Report, ransomware attacks have increased by 435% since 2020. Furthermore, there is an estimated shortage of 3 million cybersecurity professionals worldwide.
To catch up, businesses and governments are expected to increase their spending on cybersecurity over the next several years.
The Global X Cybersecurity ETF is a passively managed solution that can be used to gain exposure to the rising adoption of cybersecurity technologies. Click the link to learn more.