Upstream Security’s 2020 Global Automotive Cybersecurity Report:Automotive cyber incidents doubled in 2019, reaching 188 vulnerabilities.
Statistics on Data Breaches – In Banking space
Almost 70% of all data breaches are financially motivated – I say all hacks are financially motivated directly or indirectly unless the actor is nation state and motive is different than money. The cost of cyberattacks in the banking industry reached $18 million annually per company. This number will go up as we progress. The United States suffered close to 1500 cyberattacks over the last year, leading to almost 165 million successful data breaches.
It is estimated that spending on cybersecurity training will reach over $10 billion by 2027. As far as customer mind set is that 8 out of 10 US citizens fear that businesses is not capable of securing their financial data. According to FBI, the amount paid to ransomware scammers has reached nearly $1 billion per year. Over 90% of ATMs are vulnerable to hacks due their legacy platform hardware and software which comes their own critical vulnerabilities, and it is not difficult to compromise. Oveall gap of security jobs and people to support these functions, the number of unfilled data breach protection jobs will rise to 3.5 million by the year current year. The last one to mention here is, Banking heist was bank of Bangladesh – it was one of the biggest.
FireEye and Solar Winds security breaches have opened a pandora’s box in SaaS services security. Due to cloud migration enterprise boundaries will fade and we never where to draw line as internal network or external. This was classic supply chain attack. As we progress such attacks will be more common.Solar winds had 300,000 customers 18K Orion customer sites got impacted.
Vinoth Kumar, a cybersecurity expert and bounty hunter posted on Twitter that he notified SolarWinds in November 2019 that the company’s software download website was protected by a simple password that was published in the clear on SolarWinds’ code repository at Github.
Digital Content Platform also breaches and data loss
U.S. government entities reportedly includes the Commerce Department, the Department of Homeland Security, the Pentagon, the Treasury Department, the U.S. Postal Service and the National Institutes of Health. Cyber Espionage sponsored by state APT29 or CozyBear was used to compromise these systems.
HealthcareHealthcare industry was not safe from security breaches some of the key breaches in 2020 were:
sBlackbaud: Dozens of Healthcare Entities
This was early 2019 – The server, running an Elasticsearch database, had more than a decade’s worth of data, containing loan and mortgage agreements, repayment schedules and other highly sensitive financial and tax documents that reveal an intimate insight into a person’s financial life. 24 million financial and banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the U.S., has been found online after a server security lapse.
This industry saw multiple data breaches Marriott had repeat security breaches. Hotel systems has massive customer data, financial information in form of credit or debit cards. This is can easily be turned into profit. That is the specific reason we so many hacks in this industry just like banking. Hotels chains are spread across globe and host ton of customer data and almost always require a debit or credit card. These systems when breached, provide treasure trove of customers data which can be easily monetized.
Power supplies to Johannesburg and Hyderabad were also crippled through ransomware attacks.
Maryland and Atlanta was held hostage to a massive ransomware cyber-attack in the year 2018. The breach shuttered many devices for five days. This had impacted various department interrupted law enforcement, business licenses and it did not spare most busiest airport in USA, and many other disruptions. Ransomware attacks also took out most of Baltimore’s servers and paralyzed its 911 emergency call center in 2018 and it cost them approximately 18 millions.
This cyber attack phenomenon was not just limited to American cities. Dublin’s tram system was disrupted in a ransomware attack, as was Stockholm’s air traffic control and railway ticketing systems. Apart from ransomware, cyber-criminals deploy numerous other techniques including remote execution, signal jamming, as well as traditional means, such as malware, data manipulation and distributed denial of service attacks. Their digital arsenals are sourced from the deep web and their weapons are fully automated, powering attacks that can run 24/7.
