Check Point Research (CPR) is sharing statistics of increases in cyber attacks on organizations in 2021. Last year, CPR saw a 71% increase in cyber attacks per week on corporate networks compared to 2020 in the UAE, and a 50 % increase worldwide. The trend of increasing cyber attacks reached an all-time high at the end of 2021 after revelations of the Log4J exploit, peaking to 925 cyber attacks a week per organization globally, and 408 weekly attacks on organizations in the UAE.
Less than a month after the world witnessed one of the most serious vulnerabilities on the internet, with millions of attacks per hour attempting to exploit the Log4J vulnerability, 2021 been a record breaking year in terms of cyber-security. Back in October, Check Point Research (CPR) reported a 40% increase in cyber-attacks globally, with 1 out of every 61 organizations worldwide impacted by ransomware each week.
Targets
In 2021, education/research was the sector that experienced the highest volume of attacks, with an average of 1,605 attacks per organization every week. This was a 75% increase from 2020. This was followed by the government/military sector, which had 1,136 attacks per week (47% increase), and the communications industry which had 1,079 attacks weekly per organization (51% increase).
Omer Dembinsky, Data Research Manager, at Check Point Software said, “Hackers keep innovating. Last year, we saw a staggering increase in cyber attacks per week on corporate networks compared to 2020. The number of cyber attacks peaked towards the end of the year, largely due to the Log4J vulnerability exploit attempts. New penetration techniques and evasion methods have made it much easier for hackers to execute malicious intentions. What’s most alarming is that we’re seeing some pivotal societal industries surge into the most attacked list. Education, government and healthcare industries made it into the top 5 most attacked industries list, worldwide. I expect these numbers to increase going into 2022, as hackers will continue to innovate and find new methods to execute cyber attacks, especially ransomware. We’re in a cyber pandemic, if you will. I strongly urge the public, especially those in the education, government and healthcare sectors, to learn the basics on how to protect themselves. Simple measures such as patching, segmenting your networks and educating employees can go a long way in making the world safer.”
Preventing the next cyber pandemic – A strategy for achieving better security:
- Prevent attacks before they happen – One of the biggest challenges facing security practitioners is Gen V attacks – the combination of a wide breadth of threats, large scale attacks and a broad attack surface. A security architecture that enables and facilitates a unified and cohesive protection infrastructure is going to provide more comprehensive and faster protection than an infrastructure comprised of pieces that don’t work together. This is the heart of what Check Point Infinity delivers – a security architecture to prevent attacks before they happen.
- Secure your everything as everything is a potential target – To achieve effective coverage, organizations should seek a single solution that can cover all attack surfaces and vectors. One solution that provides broad prevention across all attack surfaces. In a multi hybrid environment, where the perimeter is now everywhere, security should be able to protect it all. Email, web browsing, servers and storage are merely the basics. Mobile apps, cloud and external storage are essential, so does compliance of connected mobile and endpoint devices, and your growing IoT device estate. Workloads, containers, and serverless applications on multi- and hybrid-cloud environments should be part of the check list at all times.
Maintain security hygiene:
- Patching: All too often, attacks penetrate networks by leveraging known vulnerabilities that have a patch that has not been applied. Organizations should strive to make sure up-to-date security patches are maintained across all systems and software.
- Segmentation: Networks should be segmented, applying strong firewall and IPS safeguards between the network segments in order to contain infections from propagating across the entire network.
- Educate Employees to Recognize Potential Threats: Quite often, user awareness can prevent an attack before it occurs. Take the time to educate your users and ensure that if they see something unusual, they report it to your security teams immediately. User education has always been a key element in avoiding malware infections.
- Implementing the most advanced security technologies: There is not a single silver-bullet technology that can protect organizations from all threats and all threat vectors. However, there are many great technologies and ideas available – machine learning, sandboxing, anomaly detection, content disarmament, and numerous more. Each of these technologies can be highly effective in specific scenarios, covering specific file types or attack vectors. Two key components to consider are threat extraction (file sanitization) and threat emulation (advanced sandboxing). Each element provides distinct protection, that when used together, offer a comprehensive solution for protection against unknown malware at the network level and directly on endpoint devices.