The 2021 Cybersecurity Round Up You Need to Stay Informed
2021 was a monumental year for the cybersecurity field as record numbers of breaches, startling statistics, new legislative initiatives, and more played out over the last 12 months.
We’ve sifted through the dozens of headlines to bring you a comprehensive round-up of cybersecurity news, lessons learned, and how to pivot your cybersecurity posture for the new year
Cybersecurity Statistics of 2021
Here’s a quick snapshot of 2021 in terms of cybersecurity statistics:
- The overall number of data breaches in 2021 surpassed that of 2020: 1,291 reported by the end of Q3 of this year compared to 1,108 total breaches in 2020
- 97% of firms surveyed have been negatively impacted by a cybersecurity breach that occurred in their supply chain
- The US Treasury said that it has tied $5.2 billion in BitCoin transactions to ransomware payments
- Data breaches now cost surveyed companies $4.24 million per incident on average—the highest cost in 17 years
- The average time to detect and contain a data breach was 287 days
- Breaches cost over $1 million more on average when remote work was indicated as a factor in the event, compared to those in this group without this factor ($4.96 vs. $3.89 million)
- Healthcare breaches had the highest average cost at $9.23 million per incident, which is a $2 million increase from 2020
These statistics are just the tip of the iceberg and reflect an urgent message that cybersecurity efforts must be taken seriously.
Top Cybersecurity Breaches from 2021
As cyber attacks continue to grow in sophistication and frequency, there were hundreds of breaches that took place this year, including:
SolarWinds, a software company, was the entry point for attackers, but numerous companies were impacted by this attack including Cisco, Intel, Nvidia, Belkin, Qualys, Microsoft, FireEye, Malwarebytes, Palo Alto Networks, and Cox Communications.
In fact, more than 18,000 companies were affected by this attack, making it the largest supply chain cyber attack in history. This hack began in 2020 when attackers planted malicious code that went undetected for months and allowed attackers to gather sensitive information and access to thousands of files.
Colonial Pipeline System
Earlier this year, all across the southeast region of the country, gas stations fueled by the Colonial Pipeline system were running on empty. A ransomware attack brought down 5,500 miles of pipeline.
The Department of Energy, Department of Transportation, the FBI, and more government agencies were involved and the shortage lasted for almost two weeks as they had to quickly shift operations from pipeline to individual tanker trucks to ship fuel.
This attack, attributed to the DarkSide ransomware group, impacted thousands of people who were frantic about gas shortages.
A vulnerability was recently found in Java-based Log4j, an open-source logging software found in nearly every part of the global internet. If left unresolved, attackers can break into systems, steal passwords and logins, extract data, and infect networks with malicious software.
This is particularly dangerous because the software is nearly ubiquitous on the Internet and across applications, ranging from the video game Minecraft, Apple, Google, Amazon, and thousands more.
As of the writing of this round-up, this vulnerability was ongoing and hundreds of attackers were attempting to exploit it.
Cybersecurity Legislation Passed in 2021
As cybersecurity attacks continue to disrupt global supply chains, individual privacy, and overall operations across all sectors, some legislative initiatives were introduced this year to fortify cybersecurity measures:
Cyber Incident Notification Act of 2021
This Cyber Incident Notification Act of 2021 would mandate reporting cyber incidents that impact critical infrastructure to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours.
This includes federal agencies, government contractors, hospitals, utility companies, financial services, and more to report cyber attacks to CISA. If any covered entity—or organization who would be required to report—fails to report or violates the Act, a penalty of up to .5% of the organization’s gross revenue will be levied against them per day that the violation continues.
The U.S. Government Is Prepared to Sue If Breaches Aren’t Reported
This news is adjacent to the Cyber Incident Notification Act of 2021 but comes from another perspective: the U.S. Justice Department is prepared to sue contractors or other organizations who receive federal funding but don’t report—or misrepresent—their cybersecurity practices.
Their basis comes from a statute in the False Claims Act that permits legal action over misused federal funds. The purpose of taking such action is to hold federally-funded organizations accountable with the reporting of breaches and ensure these organizations are in compliance with mandated cybersecurity measures.
Overall, the threat of legal action from the U.S. government should improve national security efforts and ensure accurate reporting of breaches or attacks.
K-12 Cybersecurity Act of 2021
As the name of this piece of legislation might suggest, the K-12 Cybersecurity Act of 2021 requires CISA to analyze the cybersecurity risks and measures that affect elementary and secondary schools utilizing online learning.
Over the course of the pandemic, millions of students turned to virtual learning as a means to safely continue their education, but proper cybersecurity standards need to be in place. This Act is a critical step of that process to secure the digital learning environment.
Cybersecurity Developments Made in 2021
Here are a couple of major cybersecurity developments that happened this year:
AI and Its Uses in Cybersecurity
Artificial Intelligence continues to rapidly advance in its capabilities and availability in the cybersecurity field. Artificial neural networks (ANN) amplify the capacity of artificial intelligence machines which means these AI programs can internalize and analyze immense quantities of data in a moment compared to a human manually studying the same data set.
With machine learning, cybersecurity initiatives can be automated with great accuracy and potential threats can be spotted faster than ever before.
Securing the Internet of Things (IoT)
As the Internet of Things (IoT) continues to rapidly expand with more connected and “smart” devices than ever before—with a predicted $340 billion market by 2024—the IoT faces tremendous challenges in keeping these devices secure and private.
The IoT Cybersecurity Improvement Act of 2019 sets forth increased standards for devices that pertain to the government. While this might seem like a limited scope of legislation from almost three years ago, it’s setting a trend for all IoT device manufacturers to boost the security of their products.
Stay Ahead of Attacks in 2022 with Compuquip!
If these statistics or recaps of major cybersecurity events of 2021 were alarming, then it’s time to ensure the cybersecurity measures at your enterprise are in place for 2022 and beyond.
As attacks continue to evolve and affect all industries, it’s more important than ever to have a fortified cybersecurity posture that protects your network and digital assets—not to mention your reputation.
Partner with Compuquip to secure your enterprise against a plethora of potential threats. With more than 40 years of experience, Compuquip has been trusted to manage cybersecurity needs, provide security solutions, and work with enterprises to strengthen their cybersecurity posture.
Contact us today to learn how we can help your organization start the new year with peace of mind.