Cybercriminals exposed 2.8 billion consumer data records in 2018, costing U.S. organizations over $654 billion. Healthcare, financial services and government were the sectors hardest hit by cyberattacks, new research shows.
Cyberattacks against U.S. financial services have dealt $6.2 billion worth of damage in the first quarter of 2019 alone, a steep rise from just $8 million in the same quarter of last year, according to ForgeRock. And even though businesses have increased their investments in information security products and services ($114 billion invested in 2018), cyberattacks still succeed against organizations across a wide spectrum of industries.
97% of all breaches in 2018 targeted personally identifiable information (PII), indicating that bad actors are fully aware of the high value of this information. Date of birth and/or Social Security Numbers were the most frequently compromised type of PII in 2018, with 54% of breaches exposing this data. Name and physical address (49%) and personal health information (46%) were the second and third most commonly compromised type of PII.
34% of attacks were performed through unauthorized access, mainly by stealings employee credentials through social engineering schemes, like phishing. The verticals most impacted by cyber attacks were healthcare, financial services and government.
Bad actors have increasingly targeted healthcare organizations in the past few years, something the study further corroborates – 48% of all consumer data breaches took place in the healthcare sector. This is four times more than any other sector, researchers calculate. Financial services and government were the second and third most victimized industries, together comprising a fifth of all breaches.
Ransomware was the second most frequent attack type in 2018, an expected outcome given the popularity of this malware in attacks against the healthcare industry, researchers said.
Bitdefender recently published a free whitepaper titled The Evolution of Ransomware in 2018, where we discuss how ransomware authors increasingly operate as a business. In 2018, we observed how the number of overall infections dropped from 2017, but targeted attacks increased as ransomware operators switched to more lucrative techniques and campaigns. Of the most publicized ransomware families in 2018, GandCrab took the limelight in the second half of the year, with a 50% share.