Cybersecurity is front of mind for enterprises right now, with everyone on high alert trying to manage potential threats that carry major reputational and financial risks. Each year, the SonicWall Cyber Threat Report uncovers insights extracted from global cyber threat data collected and analyzed by expert researchers. As “the world’s most quoted ransomware threat intelligence,” the report is relied on as an annual snapshot of the threat landscape, helping business and government leaders make informed decisions about cybersecurity.
Below, we share some of this fascinating and relevant data, with our perspective on what it all means for Hawaiʻi businesses.
Hawaiʻi’s malware risks climb
It may surprise people to know that Hawaiʻi was ranked as the 4th riskiest state for malware just behind Kansas, South Dakota, and Iowa. Our 14 million malware hits look relatively trivial compared to states in the 50, 60, and nearly 90 millions, but looking at our 19% “spread,” which accounts for size, population, and other variables, you can see that Hawaiʻi is an extremely high-risk state for malware. As explained in the report, “If we think of malware volume as being similar to the total amount of rainfall in a given region, then malware spread percentage could be compared to the probability of precipitation, or ‘chance of rain,” meaning that any given Hawaiʻi organization has a 19% of being a malware victim. While the report doesn’t pinpoint underlying causes of these malware vulnerabilities, delayed technology adoption and legacy infrastructure in our state may be potential risk factors.
This startling finding may allude to our state’s collectively under-developed cybersecurity posture. Cybersecurity has been top of mind for organizations nationally and globally, but Hawaiʻi has been slow to adopt advanced practices and solutions, leaving our organizations vulnerable to increasingly resourceful cyber attackers. Armed with these hard facts, Hawaiʻi leaders should recognize the looming risk of malware and make cybersecurity a priority.
Record-breaking ransomware
SonicWall recorded 623.3 million global ransomware attacks in 2021, up 105% from 2020 and 231.7% from 2019. The 2021 statistic translates to nearly 20 ransomware attempts every second.
Two of the year’s most infamous attacks hit in May of 2021, involving the U.S.’s largest fuel pipeline, Colonial Pipeline, and the world’s largest meat producer, JBS Foods. Attackers stole nearly 100 GB of data from Colonial Pipeline, triggering a six-day outage and consequent fuel shortages and public panic. In the JBS Foods attack, the company was forced to disrupt operations in the U.S., Canada, and Australia before paying out $11 million in ransom.
The Colonial Pipeline attack originated from a single compromised password, and the JBS attack stemmed from a weak password on an old administrator account. The most painful part of these devastating attacks is that experts suggest they could’ve been prevented with simple password hygiene and multi-factor authentication.
Ransomware strategies persist and evolve
The report notes that business email compromise attacks or “BECs” persist as an increasingly common and effective form of attack. This is when an attacker “impersonates” an executive by mimicking their email address and then emails requests to junior staff, such as wiring money or purchasing gift cards. These attacks are not sophisticated, but they are highly lucrative. The FBI reported losses of roughly $1.8 billion in 2020. Keeping in mind that most of these individual losses, likely happening at small companies for $50 or $100 a pop, go unreported, this number is staggering and is expected to only rise in 2022.
SonicWall’s researchers also identified a new ransomware strategy that they refer to as “triple extortion, an evolution of the “double extortion” attack. Triple extortion occurs when attackers compromise data and threaten to release it, while also sifting through the data, figuring out which entities are most vulnerable, and demanding ransom from them individually, in addition to the original target company.
Hawaiʻi: Pacxa and SonicWall
The perception that Hawaiʻi is safely insulated from cybercrime given our remote geography is, unfortunately, untrue. Of course, Hawaiʻi businesses are also national and global businesses. Cybercrime impacts local businesses daily and poses catastrophic threats to our economy. Cyberattacks are only becoming more common and more advanced. Hawaiʻi organizations must proactively protect themselves with the latest technologies and best practices.
As a SecureFirst Silver Partner, Pacxa holds in-depth expertise in SonicWall’s various cybersecurity products and solutions. Find more information here about steps your company can take to be as proactive as possible.
Read the full 2022 Cyber Threat Report here.