If there’s one thing technologists seem to be wary of in the new year, it’s cybersecurity threats.
This morning, Bakery Square-based Hornetsecurity published the latest edition of its Cyber Threat Report — an investigation of common cybersecurity attack methods, threats and risks to certain industries. With Pittsburgh as its North American headquarters since 2017, the international company provides businesses and other customers with AI-driven and cloud-based security and backup solutions. The company also calls itself the leading cybersecurity provider for Microsoft 365.
Cybersecurity threats are on the rise. With the pandemic sending vast numbers of businesses and institutions online, companies are finding themselves ill-prepared for attacks. 2021 brought an onslaught of ransomware and other cybersecurity attacks, in particular, including a vulnerability in the popular internet code Log4j.
“We think raising the awareness of cyber threats is really important for us, not just from a marketing perspective, but also because it is one of the biggest risks companies face nowadays,” Hornetsecurity CTO Yvonne Bernard told Technical.ly. “But many companies are still not aware until it’s too late.”
The Cyber Threat Report aims to establish that baseline awareness, while highlighting the most pressing security threats on the internet today. The latest edition details increased ransomware attacks and email-based threats like spam, phishing, CEO fraud and malware as some of the most prominent concerns for the new year.
While cybersecurity threats may still seem like infrequent events with little impact on the individual, Hornetsecurity’s latest report makes the case for consumers and businesses alike to be concerned with online security measures. The report found that cybercrime is one of the greatest threats to the global economy: In 2020, cybercrime resulted in a shocking $945 billion in financial losses — a number that the report said was nearly double the $600 billion lost in 2018.
Some of the threats today have been around for a while, but Bernard said new variations and methods to achieve the goals of those threats pose an evolving risk to companies that lack cybersecurity protections. But just as the risk is increasing, so is the concern. Across the globe, cybersecurity spending totaled around $133.8 billion in 2020, increasing to $150 billion in 2021.
Still, the prevalence of email threats is concerning, Bernard said, particularly for CEO fraud that mimics an organization’s email in order to glean data from unsuspecting recipients. In collecting data for the report, Hornetsecurity found that a whopping 40% of emails in the time studied were “undesired” as opposed to “clean,” demonstrating just how common this method of threat has become.
Without taking a closer look at a given email address, there’s a risk that employees could easily mistake a fraud message for a legitimate one. With the onset of remote work, “people don’t meet at the coffee machine to ask, ‘did you really send this email?'” Bernard pointed out. “You need a technical solution in place to really filter all of [the malware] you can’t really see as an end user.”
Ransomware, too, is of particular concern to Bernard and her team. The report notes the threat of ransomware leak websites such as REvil, which is one of the top five sites for publishing leaked data — and coincidentally, that group made headlines this week as Russian officials arrested its members. Bernard, however, noted that similar arrests of ransomware groups in the past haven’t prevented their return, and is wary of the remaining millions of dollars that were not seized upon the group’s arrest. (Bernard told Technical.ly that Hornetsecurity’s sources estimated $1 billion per year in revenue for REvil, whereas the Russian authorities found only a little over $5 million.)
Though Hornetsecurity offers resources for companies across the globe to manage these issues, Bernard shared that there’s great potential for its expertise to grow in Pittsburgh, in addition to its other US location in DC. Though the cybersecurity industry isn’t as prominent in the city as robotics and artificial intelligence are, Hornetsecurity —much like those other industries — leverages the talent of local universities and computer science prowess to develop its AI-driven protections.
With the rise of threats detailed in the report, there’s a chance that Hornetsecurity could be the beginning of a foundation for further growth of the industry in Pittsburgh.
Sophie Burkholder is a 2021-2022 corps member for Report for America, an initiative of The Groundtruth Project that pairs young journalists with local newsrooms. This position is supported by the Heinz Endowments.