2021 Cybersecurity Year in Review

In 2021, cybercriminals initiated an unprecedented number of high-profile ransomware attacks on the US economy and infrastructure. This year, 300,000 new pieces of malware were created daily, and 63% of data breaches had financial motivations.

Some of the most significant attacks were hot on the tail of 2020 incidents, when remote work combined with lax security protocols resulted in a spike up to 150% from attacks in 2019, along with a 300% increase in the amount paid to attackers. So with those fun facts in mind, here is our 2021 Cybersecurity Year in Review, along with some tips to increase security at your business.

Colonial Pipeline

The DarkSide gang attacked Colonial Pipeline's internal business network and billing system, with demands of $4.4 million in bitcoin.  

Accenture

A hacker group used LockBit ransomware to attack Accenture, capturing company data and threatening to sell insider information, with demands of $50 million in ransom.

Facebook, Instagram and LinkedIn via Socialarks

This data breach exposed the personal information of 500 million Facebook users worldwide. While this breach happened in 2019, the data was compiled into a single database and shared online in early 2021.

Acer

The REvil hacker group attacked Acer’s Microsoft Exchange vulnerability, leaking sensitive documents and images, with demands of $50 million.

JBS Foods

The REvil hacker group is credited with this attack on JBS Foods, with demands of $11 million in bitcoin.

CNA Insurance

The Evil Corp hacker group used the Phoenix CryptoLocker malware to attack CNA Insurance, encrypting 15,000 devices, with demands of $40 million.

Attack on Illinois AG

The Office of the Illinois Attorney General fell victim to a ransomware attack that included the theft and publication of sensitive agency files. The office avoided paying the ransom but ended up spending millions on precautionary measures against future attacks.

Top Tips To Beef Up Your Cybersecurity in 2022 

In some of the cases above the money was recovered, most notably the Colonial Pipeline ransom. In that incident the company reached out to the Federal Bureau of Investigation and they were able to track the activity of the cryptocurrency, but many others were not as lucky. And money is not the only thing lost in events like these. 

Here are a few other top tips that should help you beef up your cybersecurity in 2022.  

• Review Your Disaster Recovery Plan: The first step is to create a disaster recovery plan if you haven’t already. Then, remember to update it as your protocols, procedures and staff members change.
• Enable Multi-Factor Authentication (MFA): Possibly our favorite security upgrade. It’s easy to use with a huge benefit. Some 80 percent of breaches involve stolen or weak passwords, so MFA is essential.
• Backup Data and Test: Comprehensive backups are part of what saves companies when they are hacked. Even if you are lucky enough to avoid a security incident, you should schedule regular backups, keep them organized, and test the backups to make sure that you’re covered.
• Train Staff to Identify Phishing Emails: This is one of the most common vectors for malware, train employees to avoid clicking on links and opening files in emails.
• Identify Targets: Certain employees, platforms, or weak points in your infrastructure may be prime targets, take special care to identify, educate, and protect!

It’s easy to get comfortable with the feeling that cyberattacks are something that happen to big companies, other people, etc., but if you've been paying attention you know it's more likely not a matter of if, but when. Protect yourself and your company, continue to reduce risks where possible, and be prepared with a plan for how to respond if the need arises. And most of all, have a great 2022!