2021 was a record-breaking year for cybercrime. The frequency of cyberattacks increased by 93% that year. In response, many companies chose to accelerate their digital transformation.
But part of the reason cybercriminals had such success in 2021 was the haphazard digital response many organisations had to the COVID-19 pandemic.
This is more than a little ironic, because one of the most important results of true digital transformation is better cybersecurity than you started out with. Not worse.
If we’re going to avoid this situation happening again, we need to understand what these record-breaking cyberattacks were and how to avoid them in future.
What were the most common cyberattacks in 2021?
Cyberattacks come in many different flavours. The most common of these in 2021 were:
- Phishing and whaling
- Malware
- The subset of malware called ransomware
- Social engineering attacks
- Distributed Denial of Service (DDoS) attacks
Ransomware attacks saw the biggest growth over levels in previous years. Ransomware is a kind of malicious software, known as malware (“mal” means “bad” in Latin).
In a ransomware attack, bad actors gain access to a business’s data and encrypt it. This leaves organisations unable to access their files, view client data, or use applications. It’s called ransomware because hackers then want you to pay money – a “ransom” – to regain access.
Ryuk, SamSam, and Cerber were the biggest ransomware variants of 2021. Yet they were far from the only kinds of malware to see extensive use and success in damaging businesses.
Phishing (and its highly targeted subset “whaling”) relies on social engineering: attackers send spoofed, legitimate-seeming emails that trick team members and executives into handing over valuable data or actual money.
Why was 2021 such a big year for cybercrime?
The conditions of 2021 created something of a perfect storm for cybercrime. The year brought together:
1) Unusual conditions around COVID-19
During 2020 and 2021, many businesses without a digital transformation strategy suddenly launched themselves into the digital space. They needed to enable their teams to work from home during the pandemic, continue to offer services, and follow the consumer trend in that direction.
Unfortunately, having no plan and often very little expertise in place meant there were suddenly huge cybersecurity holes in the way these organisations now operated.
Sadly, this meant thousands of businesses saw major disruptions to the way they worked, or had to spend serious chunks of capital on fixes or on outright paying ransoms.
2) Hacking techniques and technology are always improving
The techniques and technologies hackers use are always being improved and refined. Thought you’d heard of everything-as-a-Service already? Prepare to be surprised. Ransomware-as-a-Service (RaaS) is genuinely a thing.
In 2021, it had never been so easy for someone to suddenly decide they wanted to become a hacker. The software is available cheaply or even freely and frequently doesn’t need much in the way of technical skill to use.
The technology behind these tools is much better too. In the old days, cybercriminals could encrypt the occasional file. Today, they can encrypt an entire disk or network.
Who was affected by cyberattacks in 2021?
Here are some of the highest-profile data breaches and cyberattacks that affected global organisations in 2021:
- Government departments – the major target of cybercrime. The Washington D.C. Police Department refused to pay a $4 million ransom to prevent the release of sensitive criminal data. This led to a huge data release that the department was powerless to stop.
- Acer – the Taiwanese computer manufacturer was hit by a ransomware gang in 2021, allegedly being held hostage for the largest demand in ransomware history – $50 million.
- CD Projekt Red – the Polish video games giant had source code from various projects stolen and suffered serious disruption to its online game services.
Data security as a company culture shift
Stories like these are driving businesses in every industry to start handling their digital transformation in a more professional, structured way. Especially now that remote working has become such a talent draw – vital in a candidate-led jobs market like the UK’s current one.
More than ever before, organisations in every field are realising the need to make data security a part of their culture. Naturally enough though, team members and even C-suite executives don’t necessarily understand this sort of thing unless it’s already in their wheelhouse.
This requires education and team training. It also means a cultural shift throughout the company. An organisation’s digital transformation needs to get buy-in from everyone if it’s going to be successful.
Start reaping the rewards of digital transformation
There are also some industries – the food and hospitality and construction sectors, for example – where cybersecurity is still far less likely to be a high priority for organisations.
This leaves huge gaps for bad actors to exploit. But it also creates many opportunities for businesses in those fields and beyond to get ahead of their competition.
That is because a well-planned digital transformation brings huge benefits to a business. One is that strong cybersecurity credentials have become a big draw for consumers, who are waking up to the threat cybercrime poses to them and choosing to buy from businesses that take the threat seriously.
Want to take your first steps towards a cyber-secure digital transformation?
Let’s talk. Dial A Geek has already helped nearly 1000 businesses in and around Bristol master their use of technology.
Find out how we can help your business specifically today with a cost- and commitment-free chat with Chief Geek Gildas Jones.