Highlights
- Globally in 2021, 1 out of every 61 organizations is being impacted by ransomware each week
- Between January 2020 and the present, September 2021 had the highest number of weekly attacks, more than double the number at the lowest point in March 2020.
- Education/Research is the most targeted sector globally
October is an important time because it is Cybersecurity Awareness Month, a time that casts the spotlight on the importance of cybersecurity not just locally but across the world. The fight against cybercrime continues. In fact, now more than ever, organizations and individuals have to continue playing their part in keeping cyberspace safe. It is clear that since the outbreak of the pandemic globally, cyber criminals have sprung into action to take advantage of the opportunities presented to them.
In fact, back in June 2021, Check Point Research (CPR) warned how cyberattacks continue to break records globally, having spotted a 70% year-on-year increase in the weekly average number of cyberattacks on US organizations and a 97% year-on-year increase in cyberattacks on EMEA organizations as of May 2021.
Today, we are reporting that globally, there are 40% more attacks weekly on organizations in 2021 compared to what we witnessed in 2020.
Figure 1 shows that globally, after a slight decrease in the weeks before March 2020, the average weekly number of attacks on each organization increased significantly from March 2020 onward. In September 2021, the average weekly number of attacks on each organization globally reached its peak with over 870 attacks. This is more than double the number of attacks in March 2020.
Education, government and healthcare sectors most targeted
The sectors which are experiencing the highest volumes of attacks are Education/Research with an average of 1,468 attacks per organization each week (increase of 60% from 2020), followed by Government/Military with 1,082 (40% increase) and Healthcare with 752 (55% increase).
Beware the botnet
A botnet is a network of malware-infected computers that can be wholly controlled by a single command and control center operated by a cybercriminal. The network itself, which can be composed of thousands if not hundreds of thousands of computers, is then used to further spread the malware and increase the size of the network.
The malware type that impacts organizations the most in 2021 is the botnet, with an average of over 8% of organizations being impacted weekly (a 9% decrease from 2020), followed by banking malware at 4.6% (a 26% increase) and cryptominers at 4.2% (a 22% decrease).
Africa most targeted, while North America and Europe see highest increase in attacks in 2021 when compared to 2020
Organizations in Africa experience the highest volume of attacks in 2021, as can be seen in Figure 4, with an average of 1,615 weekly attacks per organization. This is a 15% increase from last year. In second place is APAC with an average of 1,299 weekly attacks per organization (20% increase), followed by Latin America with an average of 1,117 attacks weekly (37% increase), Europe with 665 (65% increase) and North America with 497 (57% increase).
Globally, 1 out of every 61 organizations impacted by ransomware each week
In June 2021, we reported that ransomware attacks continue to surge, hitting a 93% increase year over year. In our current report, our researchers see that globally in 2021, on average, 1 out of every 61 organizations is impacted by ransomware each week – a 9% increase compared to 2020. The ISP/MSP sector is the most attacked industry by ransomware this year. The average weekly number of impacted organizations in this sector in 2021 is 1 out of 36 (32% increase from 2020). Healthcare is in second place with 1 out of 44 organizations having been impacted (39% increase) followed by software vendors in third place with 1 out of 52 organizations (21% increase).
APAC is seeing the highest volume of attack attempts by ransomware, with 1 out of 34 organizations being impacted every week in 2021. This, however, is a 10% decrease compared to 2020. This is followed by Africa with 1 out of 48 organizations being impacted (7% decrease) and Latin America with 1 out of 57 organizations (6% increase).
The data used in this report was detected by Check Point Software’s Threat Prevention technologies and stored and analyzed in Check Point ThreatCloud. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles. The intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the intelligence and research arm of Check Point Software Technologies.
Organizations worldwide must adopt prevention as a practice, not a philosophy
We recommend the following to organizations worldwide:
- Visibility and Analytics: A zero trust security policy is based on making informed access decisions, and requires deep visibility into the activities performed on corporate devices and networks. Effective zero trust security is based on analytics that constantly monitors, logs, correlates, and analyzes data collected from across the entire corporate IT ecosystem.
- Education: Training users on how to identify and avoid potential threats and attacks is crucial. Many of the current cyber attacks start with a targeted email that does not even contain malware, but a socially engineered message that encourages the user to click on a malicious link. User education is one of the most important defenses an organization can deploy.
- Up-to-date patches: At the time of the famous WannaCry attack in May 2017, a patch existed for the EternalBlue vulnerability used by WannaCry. This patch was available a month prior to the attack and labeled as “critical” due to its high potential for exploitation. However, many organizations and individuals did not apply the patch in time, resulting in a ransomware outbreak that infected more than 200,000 computers within three days. Keeping computers up-to-date and applying security patches, especially those labeled as critical, can help limit an organization’s vulnerability to sophisticated cyber-attacks.
- Be phishing-aware: Be wary of clicking on links that look in any way suspicious and only download content from reliable sources that can be verified. Remember that phishing schemes are a form of social engineering, so if you receive an email with an unusual request, check the sender’s details carefully to make sure that you are communicating with colleagues, not cyber criminals.
- Reduce attack surface: A common approach in information security is to reduce the attack surface. For endpoints, you need to take full control of peripherals, applications, network traffic, and data. You need to encrypt data whether it is in motion, at rest, or in use. It is also important to make sure you enforce your corporate policies to achieve endpoint security compliance.
- Adopting a prevention-first approach is the only way to effectively protect against unknown threats. Legacy solutions that rely upon incident detection and response miss novel attacks and respond too late to be able to minimize the damage of a cyber attack campaign.
A crucial first step in preventing cyberattacks is identifying vulnerabilities within your network, which is why Check Point offers a free security checkup service.