Cyberattacks such as Security Breach Cost $45B in 2018
Hikvision on Credential Stuffing, How to Avoid Being a Victim of this Security Concern
Cyberattacks such as security breach resulted in more than $45 billion in worldwide losses in 2018, according to an article in Security magazine that covered results from the 2018 Cyber Incident & Breach Trends Report released by the Internet Society’s Online Trust Alliance (OTA).
From the report: “Looking at some of the statistics it might seem that 2018 finally brought some cyber incident relief—the number of data breaches and exposed records were down, and both ransomware and DDoS attacks were down overall. Yet the financial impact of ransomware rose by 60 percent, losses from business email compromise (BEC) doubled, cryptojacking incidents (the unauthorized use of others’ computing resources to conduct cryptomining) more than tripled, and there continued to be a steady stream of high-profile data [security] breaches.”
The report also detailed 2018 incident highlights:
- 95 percent of security breaches could have been prevented
- A 3.2 percent decrease in reported breach incidents
- 5 billion records exposed, a 35.9 percent decrease
- The financial impact of ransomware was $8 billion
- A 12 percent rise in business targeted ransomware
The Security magazine article outlined other top report trends:
- As cryptocurrency grows in popularity so does cryptojacking, a type of cyberattack that attempts to mine cryptocurrency. “OTA believes these incidents are increasingly attractive to criminals as they represent a direct path from infiltration to income, and are difficult to detect,” from the article.
- Compromises to business email doubled in 2018 to $1.3 billion in response to cyber-attackers who pretended to be vendors or executives of the company.
- Third-party attacks that involve the supply chain continue to multiply. The well-known Magecart attack in 2018 affected more than 6,400 e-commerce sites.
The article also noted an increase in credential stuffing, which is “when an attacker takes a long list of usernames and passwords and, using an automated script, tries each pair on many popular websites,” according to a recent Hikvision blog on the topic. In that blog, “Hikvision Cybersecurity Director on How Attackers Access Your Accounts Using Credential Stuffing, and Three Tips to Address this Security Concern,” Hikvision outlined what it is and how to prevent it from happening to you.
An excerpt from the blog:
“Almost every day we see headlines about some sort of data security breach. The public is now almost numb to this news and the reaction by the end users whose credentials were lost is typically to reset their password and move on. This is likely not good enough for most people because, according to a January 2019 study by Yubico and Ponemon, 51 percent of the respondents reuse their passwords across multiple accounts.
So why is it bad to reuse passwords across multiple accounts? Because bad guys will take that long list of usernames and passwords from data security breaches, and use them in an attack called credential stuffing. I know, this sounds like a bad Thanksgiving side dish full of conference badges … it’s worse!”
To prevent security breach, Hikvision recommends creating complex passwords that are unique for every site and using multi-factor authentication whenever possible.