Cybercriminals made a whopping $600 billion last year, a 32% increase on the previous year. The detail has been announced by RiskIQ in their latest Evil Internet Minute report. If cybercrime were measured in GDP, it would be the 24th biggest economy in the world. That is the equivalent of Sweden or Taiwan.
By comparison to the profits being made by cybercriminals, organisations spent just $90 billion to protect their data and assets. This represents a miserly $171,233 per minute, just 20% up on the previous year.
What it shows is that while businesses are increasing their cybersecurity budgets, they are unable to keep pace with the profits being made by cybercriminals. Every minute, organisations fall victim to ransomware, malware, scams and IP theft.
Meanwhile, attackers seem to carry on as if it were business as usual. This is despite the takedown of several major hacking rings and the capture of some high-profile individuals.
RiskIQ CEO Elias Manousos said: “As the internet and its community continue to grow at a rapid pace, the threat landscape targeting it grows at scale as well. We made the vast numbers associated with it more accessible by framing them in the context of an ‘internet minute’.
“Leveraging the latest research as well as our own global threat intelligence, we’re defining the sheer scale of attacks that take place across the internet to help businesses better understand what they’re up against on the open web.”
What else did RiskIQ discover about cybercrime?
Hackers have increased their attacks against SMEs in the last year. They see them as an easier target than larger organisations. SMEs are increasingly embedded into the IT systems of larger customers and suppliers. Breach the SME and you have a route into the enterprise. This is called a supply chain attack, and such attacks are becoming more common.
RiskIQ says that attacker motives include: “monetary gain, large-scale reputational damage, politics, and espionage.” In the last year, RiskIQ has seen 1,274 pieces of unique malware and more than nine malvertisements each evil internet minute. That’s right. Every single minute.
Other stats from RiskIQ include:
- 1.5 organisations fell victim to ransomware attacks every minute with an average cost to businesses of $15,221
- 0.17 blacklisted mobile apps
- 0.21 new phishing domains
- 0.07 incidents of the Magecart credit card skimmer
- 0.1 new sites running the CoinHive cryptocurrency mining script
- 4 potentially vulnerable web components discovered
What does this mean?
Cybercrime is getting easier. Defending the enterprise is not just about outspending the cybercriminals; it is about how that money is used. However, the lack of skills, and the lack of companies spending on training their technical staff and sponsoring them to gain professional qualifications, is not helping at all.
There is light on the horizon. HR teams are beginning to abandon their long-held belief that white collar and technical jobs require a degree. This is beginning to ease the skills shortages as companies realise it is easier to teach academic subjects than problem solving. There is also a slow but steady increase in other disciplines bringing soft skills to cyber defence teams.
Organisations are still failing at basic cyber hygiene. While employees, including the C-suite, continue to click on phishing emails, cyber defences will be overcome. The solution is for everyone to take responsibility for their own digital actions. If not, next year we are likely to see over $1.5 million lost to cybercrime every single minute.