If you’re tired of hearing the words ‘data breach’, you’re not alone. It’s looking like 2021 might end up becoming the year with the most ransomware attacks on record. In August, SonicWall reported that the global ransomware attack volume had increased 151% during the first six months of the year compared to H1 2020. The security community witnessed a total of 304.7 million attempted ransomware attacks over the course of that period. That’s up from 304.6 million attack attempts for all of 2020. Those attacks included notable ransomware incidents such as the Colonial Pipeline infection, an incident which disrupted lives by causing gas shortages.
Such growth held steady into the third quarter of the year. According to SonicWall, ransomware attackers registered 190.4 million infection attempts in that time. This attack volume made Q3 2021 the quarter with the highest number of ransomware attacks on record. It almost surpassed the 195.7 million ransomware incidents seen in the first three quarters of 2020. That’s year-over-year growth of 148%, with 470 million ransomware attacks logged through September. SonicWall predicted 714 million ransomware attacks for all of 2021, a 134% increase over 2020.
Data Breach Stress
News of all these ransomware attacks, not to mention other types of security incidents, are stressing out users. That’s what Kaspersky learned in the process of conducting a 2021 survey. The results of the study reveal that news of data breaches stressed out 69% of respondents. (Americans and Canadians felt that pressure equally.) This figure is less than the 75% of survey participants who felt stressed by data compromise in 2018. After dropping to 68% the following year, those levels of stress remained consistent thereafter.
Meanwhile, 64% of digital users said they felt stressed by news of ransomware attacks in 2021.
In the course of conducting its study, Kaspersky discovered that users felt more stress from data breaches, ransomware and security incidents than they did from other events in their lives. To illustrate, 64% of respondents said that someone breaching their bank accounts would cause them the most stress in their modern lives. This was higher than what they said they would feel with life-changing events like losing a job (37%). Similarly, 40% of respondents revealed that losing their phone would be the biggest source of stress in their lives. This eclipsed what they said they’d feel in other events such as suffering a minor car accident and and missing a flight at 19% and 13%, in turn.
Enter Data Breach Fatigue
The sources of stress discussed above are a concern because users are people. As such, users can only handle so much stress before they begin using coping mechanisms. That’s how data breach fatigue enters into the conversation.
Data breach fatigue happens when companies and/or users become desensitized to news of data breaches. Apathy sets in from there. Security teams and users may choose not to take any action to strengthen their digital safety. They may become lax in keeping track of emerging threats. This can leave individual users and organizations more susceptible to data breaches themselves.
If they fall victim to a data breach or other security incident, organizations could suffer additional fallout from there. Watkins Insurance Group noted that consumers might lose their trust in a breached organization. Therefore, they might opt to not do business with them in the future.
There are also the damages that organizations could suffer in the process. In its Cost of a Data Breach Report 2021, IBM found that the average total cost of a data breach had increased 10% from $3.86 million in 2020 to $4.24 million a year later. Those costs varied somewhat depending on organizations’ level of security maturity and whether they added AI, automation, zero trust, the cloud and other initiatives into their strategies. But that general price tag surpasses what most small businesses can afford. When coupled with reputation damages, these financial costs explain why three-fifths of small businesses close their doors within six months after suffering a data breach.
A Lack of Security Awareness
To be fair, not all people are confident they can ensure their own digital security. So, everyday users can’t always take meaningful action on news of a data breach. Just 17% of respondents told Kaspersky that they considered themselves to possess expert or advanced knowledge about digital security. Nearly half (46%) said their knowledge of digital security didn’t extend beyond that of a beginner. That’s down from 52% in 2019. However, it’s still greater than those respondents who felt themselves to be experts in the millennial and Gen X groups at 26% and 12%, in turn.
This lack of knowledge doesn’t always translate into not being able to spot potential attack attempts. About seven in 10 respondents trusted they could spot a malicious SMS text message, for instance. That’s the same proportion of respondents who felt they could identify a spear phishing email. Even so, it could help to explain why users don’t always take steps to protect their information.
How to Protect Against a Data Breach
Fortunately, users don’t need to be experts to protect themselves. They just need to get real with their digital safety.
With that knowledge, users can take certain actions to reduce their stress that comes with digital attacks. Locking down their accounts with multi-factor authentication, freezing their credit reports and reviewing their bank accounts for unauthorized activity can help to bolster their digital defenses. Those measures won’t prevent users from falling victim to a data breach. It will help them to launch a quick response and contain the incident’s impact if and when that ever occurs.
David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Trip...