Busy year for cybercriminals: attacks increased by 50% in 2021

Cybercriminals were able to carry out even more attacks than before

Cybercriminals mostly attack companies and organizations

Last year was particularly busy for cybercriminals. Compared to 2020, the number of attacks per week on corporate networks increased by 50% in 2021.^[1] While cyber security experts are constantly improving their knowledge, criminals are also not sitting still and managed to organize more than several high-level cyberattacks. For example, organizations have suffered from such threats as Colonial Pipeline, Brenntag, Acer, and KASEYA. It is reported that 1 out of every 61 organizations worldwide was impacted by ransomware each week.

At the end of 2021, we saw real fireworks in the field of security when a Log4Shell vulnerability led to millions of cyberattacks. During its peak, as many as 1.8 million attacks against corporations happened, and at least 70 distinct malware families had been launched to exploit the bugs. For this reason, we have been able to observe a real global record: a peak of 925 cyberattacks a week per organization. However, this is just one vulnerability, and the increased number of cyber-attacks has accompanied us throughout 2021.

Although individuals were also affected by attacks, certain sectors were the most popular among threat actors. Check Point researchers state^[2] that among the most popular targets in 2021 were the education and research sector. This area experienced an average of about 1,605 attacks per organization every week and saw an increase from 2020. Of course, the government and military sectors have also been affected by the attacks. According to publicly available information, these sectors had 1,136 attacks per week, with a 47% increase from 2020. The communications industry ranked third, with an increase of 51% or in other words this sector had 1,079 attacks weekly per organization.

Attacks are more common in Africa, Asia and Pacific Countries

You may be surprised, but the geographic location is also important for cybercriminals when they try to choose a potential target. According to the latest data, Africa experienced the highest volume of attacks in 2021.^[3] This continent has suffered a 13% increase in attacks compared to 2020. During one week, Africa experienced an average of 1,582 attacks per organization. It is believed that the main reason why cybercriminals like to choose Africa is its novel approach to cyber threats.

APAC (Asia and Pacific Countries) remained in second place with 1,353 weekly attacks per organization and a 25% increase from the previous year. The other continents were ranked as follows: Latin America – the third place with 1,118, Europe – the fourth place with 670, and North America – the fifth place with an average of 503 weekly attacks per organization. Thus, all countries and continents can become targets.

That is why everyone should prepare properly. After all, cyber attacks can do a lot of damage. These threats can steal data and even identity, start malicious software intrusions, phishing, cyberstalking, and so on. While IT security programs are becoming more advanced, criminals are also constantly improving their cyber threats.

As crime actors are becoming more sophisticated, so does various IT security programs. Therefore, users and companies' employees should educate themselves on the essential steps of cyber safety.

Organizations understand the importance of protecting themselves from cyber-attacks only when they are affected

A significant amount of cyberattacks cause severe damage, impacts organizations' existence, and cause disruptions for victims. Yet, organizations are often unable to deal with such problems properly. They seem to lack a proper framework that could help them to respond quickly when in need and some cases, even avoid disclosing information about the suffered breach. In some cases, even companies' insurance and attorney-client privilege get in the way of full transparency, which creates additional problems.

Recently, in cases involving the world's largest companies, lawyers tend to be involved in any communication that companies make about the breach. As a result, some important information may be withheld. For example, details on the breach assessment, which organizations might be required to carry out, or even information about possible payout nowadays are kept in secret. Therefore, the public never knows the true scale of the cyber attack.