2024/04/03 11:31:35

Losses from cybercrime

Main article: Cybercrime in the world

Bank losses from cybercrime

Main article: Losses of banks from cybercrime

Banks are the biggest targets of cybercriminals. Information on the losses of financial institutions is included in a separate article.

2023

Russian President Vladimir Putin: Damage from IT crimes for the year exceeded 156 billion rubles

In 2023, about 680 thousand crimes using information technology were committed in Russia, which is 30% more than a year earlier. The damage from them exceeded 156 billion rubles. Russian President Vladimir Putin announced this on April 2, 2024 at a meeting of the board of the Russian Ministry of Internal Affairs.

According to the head of state, it is necessary to seriously improve the mechanisms for combating IT offenses, to work ahead of the curve. The President also urged to continue to seek an increase in crime detection.

About 680 thousand crimes using information technology were committed in Russia

In February 2024, the Ministry of Internal Affairs of the Russian Federation reported that 677 thousand IT crimes were recorded in the country in 2023, against 522.1 thousand a year earlier. According to the ministry, the number of offenses using the Internet in 2023 increased from 381 thousand to 526.7 thousand. This is followed by crimes committed using mobile communications and plastic cards. The number of offenses using computer equipment, software and fictitious electronic payments has also increased.

It also follows from the statistics of the Ministry of Internal Affairs that the proportion of IT crime cases increased from 26.5% to 34.8%. More than half of the registered illegal acts using information technologies belong to the categories of grave and especially grave.

The Ministry of Internal Affairs listed five regions that, at the end of 2023, were leading in terms of growth in the number of IT crimes: the Nenets Autonomous Okrug, Kalmykia, Ingushetia, Novgorod and Kaliningrad regions.

According to the Ministry of Internal Affairs, in 2023, 21 more IT crimes were solved in Russia than a year earlier. Their prevention is still one of the most important tasks of the internal affairs bodies, the department emphasized.

The total increase in the number of registered crimes using IT is due to a large number of various cyber attacks committed on information systems and infrastructure of the Russian Federation, Rosbank told Izvestia.[1]

Hackers created more than 1000 fake sites and in 3 months stole $5 million of cryptocurrency from users from Russia and the CIS

On June 6, 2023, Trend Micro, the Japanese developer of cybersecurity solutions, published the results of an analysis of a large-scale fraudulent campaign that involved more than 1000 sites. In about three months, attackers stole about $5 million in cryptocurrency from users from Russia and the CIS. Read more here.

The Central Bank disclosed the amount cyber fraudsters stole from Russians in the first quarter - 4.55 billion rubles

In the first quarter of 2023, a record was set for the theft of funds from bank customers - about 4.55 billion rubles, and about 12% of them occurred through the fast payment system (SBP). The Central Bank of the Russian Federation cited such data in early June 2023.

According to the statistics of the regulator, in January-March 2023, fraudsters managed to carry out 252.1 thousand operations without the consent of customers. The attackers stole the most money through transfers using online banking, including borrowed funds.

"We see that fraudster schemes are becoming more difficult, they actively use social engineering methods, forcing citizens to voluntarily give their funds, and use new deception techniques. To counter attackers, we will continue to improve our regulation," said Vadim Uvarov, Director of the Information Security Department of the Bank of Russia.

Of the stolen 4.5 billion rubles in the first quarter of 2023, Russian banks were able to return only 4.3% of the funds to customers. A year earlier, that share was higher at 6.2%. The Bank of Russia has repeatedly explained that such a low level of return of stolen funds is associated with a high share of social engineering, when citizens independently transfer funds to cybercriminals or disclose bank data. In such cases of theft, banks are not required by law to return money.

According to the Central Bank, in January-March 2023, the activity of criminals on the Internet increased more than 2.5 times compared to the same period in 2022. At the request of the regulator, 8300 phishing sites disguised as resources of various financial organizations were blocked. In addition, in the first quarter of 2023, the Central Bank initiated the blocking of almost 97,000 telephone numbers from which fraudsters called.[2]

Companies in Russia lose 18 million rubles on each incident of interception of control of network equipment

In April 2023, RTK-Solar presented the results of a study of network threats to Russian business. According to experts, the most expensive incident was the interception by an external attacker of control over the company's network equipment - the losses from it were estimated by experts at 10.7 million rubles, and the cost of recovery - 7.9 million rubles.

RTK-Solar asked the study participants to assess the danger of various network security incidents and the financial losses associated with them. 70% of respondents noted the danger of malware infection of network and infrastructure segments. When this incident occurs, the organization on average loses almost 11.5 million rubles (6.7 million rubles of damage from the incident itself and 4.4 million rubles of infrastructure restoration costs). For the largest companies, these figures are even higher: 77% noted the danger of network infection, and losses and recovery costs in this segment were estimated at 17.1 million rubles (9.4 million and 7.7 million rubles, respectively). The danger of compromising infrastructure and intercepting control of network equipment was noted by 64% of companies. Losses from these incidents amount to 6.6-6.9 million rubles, restoration costs - 4.5-4.6 million rubles.

Surveyed representatives of companies noted that targeted attacks are the most common type of threats in the field of network security (35%). These attacks are especially relevant for medium (48%) and large companies (36%), as well as government organizations (33%). 36% of the largest companies faced attacks on control protocols of systems. In other segments, this type of threat was much less common. For state organizations, the most urgent network threat was the theft of personal data - it was named by 47% of respondents from the public sector. In addition, Russian organizations participating in the study most often encountered phishing, corporate mail compromise, data loss, attacks on web applications, etc.

2022

FBI published a list of the most popular online crimes and the loss of Americans from them

In 2022, Americans lost more than $10 billion due to various fraudulent schemes and crimes on the Internet. This is stated in a report published in early March 2023 by the US Federal Bureau of Investigation. Read more here.

American clothing and underwear manufacturer HanesBrands lost $100 million due to cyber attack

American clothing and underwear manufacturer HanesBrands lost $100 million in sales due to a cyber attack. This became known on August 11, 2022. Read more here.

2021

The most "aggressive" ransomware viruses in Russia have been named. Loss amounts

On November 24, 2021, Group-IB named the top three most "aggressive" ransomware viruses attacking Russian business. The list includes ransomware Dharma, Crylock and Thanos. Read more here.

The most common cybercrimes in the United States for a total loss of $4 billion

Russian companies began to buy out their own data from hackers more often

In November 2021, it became known that Russian companies began to buy their own data from hackers more often. This trend is observed by Positive Technologies experts. They associate the situation with the boom in ransomware viruses and the development of the cryptocurrency market.

According to Kommersant, citing a survey conducted by Positive Technologies among 250 information security specialists, 16% of respondents in 2021 paid a ransom based on targeted hacker attacks. In 2019, when such a survey was last conducted, no one agreed to payments.

According to Positive Technologies, in 2021, a third of the companies surveyed were subjected to cyber attacks. Hackers were interested in the financial sector, enterprises of the fuel and energy complex and government agencies.

According to Oleg Skulkin, head of the Group-IB computer forensics laboratory, in two years hackers attacked not only large corporations, but also representatives of medium and small businesses. On average, the attackers demanded about 3 million rubles from them.

Kaspersky Lab chief expert Sergei Golovanov added that most large companies refuse to pay and involve experts to respond to the incident. Small organizations agree to the buyback - especially if the requested amount does not exceed the amount of damage from the loss of data and the cost of restoring it. The size of the ransom depends on the scale of the business and can be both several hundred thousand and tens of millions of rubles, Golovanov said.

Fraudsters in Russia do not use public websites to post data of victims who refused to pay ransom. Also, according to experts, not a single open auction where stolen data would be put up for sale has been recorded. Attackers more often present evidence of uploads directly during negotiations with the victim.[3]

The most unprofitable cyber attacks for Russian companies, the amount of losses

In October 2021, Kaspersky Lab announced the most expensive types of cyber attacks for Russian business. The most expensive for companies are so-called targeted attacks: one such incident costs large companies an average of $695 thousand, while small and medium-sized businesses lose about $32 thousand.

Targeted attacks mean those cases when attackers purposefully attack a specific company: conduct reconnaissance and select tools for an attack based on the characteristics of the victim. In January-October 2021, about 35% of organizations in the Russian Federation faced such cyber incidents, according to Kaspersky Lab.

As the managing director of Kaspersky Lab in Russia and the CIS, Mikhail Pribochiy, noted, targeted attacks pose a serious risk to business, so to minimize risks it is better for companies to use endpoint security solutions in combination with tools that detect threats bypassing traditional security tools.

Among the other most expensive attacks, experts named:

  • misuse of IT resources by employees (damage reached almost $510,000 for a large company and more than $30,000 for a small one);
  • non-compliance with internal information security policies ($465,000 for a large company and almost $30,000 for a small one);
  • DDoS attacks (almost $463,000 for a large company and more than $28,000 for a small one).

According to Kaspersky Lab, on average, Russian companies allocate about 16% of the total budget for the IT sector for information security (more than $121,000). In three years, this value may increase by 9% and exceed $132,000.[4]

A member of a hacker group who lured $150 million with ransomware viruses was detained in Ukraine

In early October 2021, law enforcement agencies of Ukraine reported the detention of a hacker who, by his criminal actions, caused damage to foreign companies totaling $150 million.

To search for the attacker, a large-scale international operation was organized with the participation of the Department of Cyber Police of Ukraine, the Kyiv City Prosecutor's Office, Interpol, Europol, and law enforcement agencies of France and the United States. The attacker turned out to be a 25-year-old citizen who spread a ransomware virus.

"Viral software came to corporate technology by hacking a program for remote operation of a user with a computer (server), as well as through spam mailings to corporate email mailboxes of emails with malicious content. In total, the hacker carried out attacks on more than 100 foreign companies in North America and European countries," the Ukrainian cyber police said.

The list of victims includes well-known companies in the field of power and tourism, as well as an electronics manufacturer. The hacker informed his victims that access to data could be restored only after he was paid a ransom. A series of similar crimes caused large losses to companies around the world. It is known that hackers demanded a ransom of up to 70 million euros from victims.

As established by law enforcement officers, the man had an accomplice who helped to withdraw money obtained by criminal means. With the involvement of the special forces of the TOP patrol police, searches were carried out at the place of residence of the defendant and in the houses of his loved ones. According to the results, computer equipment, mobile phones, vehicles and more than $360 thousand in cash were seized. In addition, $1.3 million was blocked on the cryptocurrency wallets of the swindler.[5]

Russian Foreign Ministry: World damage from cybercrimes may reach $6 trillion

On August 2, 2021, information appeared that the global damage from cybercrimes in 2021 could significantly increase in comparison with previous years. This was reported in an article by Andrei Krutskikh, director of the Department of International Information Security of the Russian Foreign Ministry, and Airat Khamidullin, Third Secretary of the department, published in the journal International Life.

The structure calculated the possible losses of the global economy from cybercrimes. According to the Foreign Ministry, in 2021, the damage from the actions of hackers may reach $6 trillion. The COVID-19 epidemic, due to which people moved to the online space, had a significant impact on the growth of such crime, Krutskikh and Khamidullin say.

"At the same time, the specificity of ICT crimes lies in the fact that they are committed remotely, often from the territory of other countries, and not a single state in the world is able to fight them alone," the article says.

Krutskikh and Khamidullin stressed that the tense situation in the cyber sphere is associated with the shortcomings of the modern system of international cooperation on relevant issues.

The results of computer attacks can be "very destructive" and even lead to disasters, including in the field of national security. Most IT criminals, on the other hand, operate for financial gain.

Russia, according to diplomats, is ready for comments on the draft global convention on countering the use of the Web for criminal purposes.[6]

Supply chain disruptions cost big companies $184m a year

On June 25, 2021, information appeared that supply chain failures cost large companies an average of $184 million per year. This is the conclusion reached by specialists from the research firm Vanson Bourne, conducting a survey on behalf of the Washington-based operating stability company Interos.

In the course of the study, almost all (94%) of the 900 surveyed senior IT specialists, information security experts and procurement specialists in American and European companies confirmed that supply chain failures negatively affected income. These failures include hacker attacks, financial risks, and ESG (Environmental, Social, and Corporate Governance) problems.

Beyond revenue, supply chain disruptions are also having a bad impact on public opinion. Failures in supply chains have damaged the reputation of their companies, 83% of respondents said.

"The results of our survey highlight the growing importance of supply chain operational sustainability in the globally interconnected world in which we all live and operate. There is no longer a clear separation between digital and physical supply chains, which creates the need for greater transparency of hidden risks, relationships and dependencies in supply chains, which companies recognize as critical to protecting both net profit and reputation," said Interos head Jennifer Bisceglie.

After recent high-profile ransomware attacks, including the Colonial Pipeline and JBS hacks, it is not surprising that in 2020, three-quarters (77%) of those surveyed faced at least one cyber attack on their supply chain.

As supply chain cyber attacks and a host of other factors increase instability, corporate leaders recognize that supply chain security and sustainability must become a major business priority. Half of the respondents (50%) believe that in two years this will be the top priority of their business. This shift is reflected in the increased frequency of board meetings to discuss supply chain risks. According to 78% of respondents, their boards of directors hold meetings on this topic at least once a month.

While many organizations make supply chain risks and operational sustainability key business priorities, full adoption of new technologies for rapid risk mitigation, such as artificial intelligence and data analytics, is lagging behind. Only a third (34%) of organisations regularly assess their global supply chains.[7]

Growth in company spending on recovery from ransomware virus attacks to $1.85 million

According to a study published by the information security company Sophos at the end of April 2021, average business spending worldwide on recovery after ransomware attacks more than doubled on an annualized basis. By the beginning of 2020, it amounted to $761,106, and a year later - $1.85 million. The average ransom paid to the organizers of such attacks, which block the operation of computers, exceeded $170 thousand. Read more here.

Ministry of Internal Affairs: Damage from economic crimes reached 450 billion rubles

The total damage from economic crimes in Russia in 2020 reached 450 billion rubles. This was announced by Valery Baulin, head of the computer forensics laboratory at Group-IB, with reference to data from the Ministry of Internal Affairs. Read more here.

2019

Losses of the Russian economy from the activities of hackers amounted to about 2.5 trillion rubles

According to Sberbank, the losses of the Russian economy from the activities of hackers in 2019 amounted to about 2.5 trillion rubles. In 2020, this figure may increase to 3.5-3.6 trillion rubles due to the projected increase in the number of cyber fraud by 40%. At the same time, in 2018, the loss amounted to 1.5 trillion rubles, Sberbank reported on January 28, 2020.

One of the main cyber threats, according to experts, is DDoS attacks. In general, the number of cybercrimes is growing at a rapid pace. In the first 8 months of 2019 alone, this figure, according to the Prosecutor General's Office of Russia, increased by almost 67%. Offline offenses grew much more modestly: thefts by 3.5% and serious crimes by 16.7%, while cases of robbery and armed robbery decreased by 7.9% and 8.9%, respectively.

The departure of crime into virtual reality, according to experts, can be a serious blow to business, regardless of which industry the company operates in. Experts record the interest of cyber fraudsters not only in banking, financial and IT organizations traditional for them, but also, as follows from the Positive Technologies report, in the industrial sector.

World economy loses $1 trillion a year to hackers

On December 7, 2020, McAfee partnered with the Center for Strategic and International Studies (CSIS) to release a new global report titled "The Hidden Costs of Cybercrime," focusing on significant financial and other seemingly implicit losses due to cybercrime. The report says that due to hackers, the global economy loses at least $1 trillion annually, or just over 1% of global GDP, which is more than 50% more than in 2018.

Theft of intellectual property and monetary assets is detrimental, but some of the most undervalued costs of cybercrime are associated with damage to the company's activities, including:

  • System downtime. Downtime is common for about two-thirds of organizations surveyed by McAfee and CSIS. The average cost of downtime for organizations in 2019 was $762,231. 33% of respondents said that incidents in the field of IT security that lead to system downtime cost them from $100 thousand to $500 thousand.

  • Reduced efficiency. As a result of system downtime, organizations lost an average of 9 working hours per week, which led to a decrease in efficiency. The average break in activity is 18 hours.

  • Incident response costs. According to the report, most organizations took an average of 19 hours to move from incident detection to resolution. Many security incidents can be dealt with in-house, but in the case of serious cyber attacks, advice from outside is often required, costing companies quite a lot.

  • Damage to brand and reputation. Restoring the external image of the brand, working with external consultants to reduce damage to the brand or hiring new employees to prevent incidents in the future also involves significant costs. 26% of respondents confirmed the damage caused to the brand as a result of a cyber attack.

According to the report, 56% of companies surveyed said they had no plan to both prevent and respond to cyber incidents. Of the 951 organisations that did have a response plan, only 32% said it had proven to be truly effective.[8]

Losses of Ukrainians from cybercrimes calculated

In 2019, the losses of Ukrainians from the actions of cybercriminals amounted to UAH 25.5 million (about $1 million), according to the Ukrainian cyber police.

In total, law enforcement agencies received 20,567 appeals from citizens related to theft and fraud in cyberspace. 701 appeals came from people who complained about deception through payment systems. Among them:

  • Theft (Article 185 of the CC of Ukraine) - 159 appeals.
  • Illegal actions with information that is processed in computers and automated systems, committed by a person who has access to it (Article 362 of the CC) - 362.
  • Illegal actions with transfer documents, payment cards and other means of access to bank accounts (Article 200 of the CC) - 180.

According to the statistics provided, losses reimbursed in cases initiated over fraud committed using information technologies, taking into account seized property, reached UAH 12.5 million in 2019 (of which UAH 5.1 million relates to the cyber police).

The cyber police listed the main schemes used by cyber fraudsters in Ukraine:

  • Phishing - fake emails with links to malicious software;
  • Vishing - using mobile communications to steal personal and payment data;
  • Use of bank cards and payment systems, including borrowing money from financial institutions;
  • Fake online stores that sell non-existent goods and ask for prepayment;
  • Imitation of the sale of goods or services through an online auction or virtual bulletin boards;
  • Imitation of winning a lottery or prizes;
  • Fake services for transferring money or topping up mobile phones.[9]

For 2020, the cyber police have identified 9 strategic goals for themselves, which are divided into 36 strategic initiatives. Among them are building systematic work on legislative initiatives in the field of cybersecurity, creating a secure infrastructure for working with sensitive data, implementing a service infrastructure for working with active users, etc.

Cybersecurity Ventures: Cyberattacks occur every 14 seconds around the world

International cybersecurity experts at Cybersecurity Ventures estimate that in 2019 a cyberattack occurs somewhere in the world every 14 seconds. In 2019, the number of cases of fraud using social engineering will also continue to grow worldwide: based on the results of 2018, Sberbank specialists have already noted a 6% increase in this type of crime. In 2019, one of the main challenges will also be corporate data leaks resulting from targeted attacks on company employees.

As the number of cyber attacks increases, so does the damage they cause. If in 2018 the losses of companies in various sectors of the economy amounted to $1.5 trillion, then in 2019, according to the forecast of Sberbank, they will reach 2.5 trillion. By 2022, according to the forecast of the World Economic Forum, the amount of planetary damage from cyber attacks could grow to $8 trillion.

One of the reasons for the accelerated growth of cybercrime, according to experts, are technological trends. By 2022, one trillion devices will be connected to the Internet. By 2023, 80% of people will have an avatar in the digital world. At the same time, more than 50% of Internet traffic of households in 2024 will be consumed by "smart" devices and household appliances.

2018

Losses of companies from hacker hacks in 2018 amounted to $3 trillion - Juniper Research

Due to hacker attacks that resulted in data leaks, companies around the world lost $3 trillion in 2018. This is evidenced by data from Juniper Research analysts, which were released on August 27, 2019.

According to experts, cybercriminals are starting to use increasingly sophisticated methods and tools. Among them is artificial intelligence that studies the behavior of security systems, similar to the AI that information security companies use to detect abnormal activity in the IT infrastructure.

In addition, experts warn about the growth of cybercrime in social networks and the development of technologies such as deepfake, which use AI to create fake videos in which the faces of the people shown are replaced.

Juniper Research believes that business losses from cyber attacks and subsequent data breaches will grow and exceed $5 trillion. This growth will be primarily associated with an increase in fines for data leaks amid tougher legislation in the field of personal information protection.[10]

Losses from online payment fraud amounted to $22 billion

Juniper Research analysts estimated losses from online payment fraud at $48 billion in 2018. By 2023, these losses will double and reach $48 billion. This is stated in the report of the research company, excerpts from which were published on November 20, 2018.

Experts have calculated the losses from fraudulent actions when paying for goods and services via the Internet, including the sale of air tickets, money transfers and banking services.

Juniper Research says that the critical factor behind these cybercriminal revenues is the remaining high rate of data breaches that lead to the theft of confidential personal information.

Attackers use data from these leaks not to steal information directly, but to combine fragments of real data into "new artificial identifiers."

"Artificial identifiers have become an easily accessible thing because, although they require time from fraudsters to create, many of their goals are not set up to identify signs of behavior that indicate a given type of fraud. Many vendors of anti-fraud systems in the market have solutions to combat this, but the industry as a whole continues to play catch-up," said Juniper Research analyst Stephen Sorrel.

Experts say that the attack methods used by the hacker groups Magecart and Fin7 will become even more common as scammers seek to create products based on their knowledge. These groups use a combination of malware and omnichannel approaches for criminal gain. Fraudulent schemes will become so popular that a full-fledged market for fraudulent services will be born, the study notes.[11]

Cisco Annual Cybersecurity Report

According to respondents, more than half of all attacks caused financial damage in excess of $500 million, including loss of income, customer outflow, lost profits and direct costs.[12]

Global cybercrime damage of $600 billion

In February 2018, analysts at antivirus company McAfee estimated that in 2017, the global damage from cybercrime amounted to about $600 billion or 0.8% of global GDP, an increase of about 35% compared to the 2014 estimate of $445 billion. Among the factors that led to the growth, experts listed increasingly sophisticated hacker attacks, the expansion of the cybercriminal services market and the spread of cryptocurrencies.

Intellectual property theft caused at least a quarter of the damage from cybercrime in 2017, according to a report prepared by McAfee in partnership with the Center for Strategic and International Studies (CSIS).

Experts have recognized attacks using ransomware viruses as the fastest growing type of cyber crime. Hackers are increasingly resorting to this method amid the growing availability of services built on the Ransomware-as-a-Service (RaaS, Extortion as a Service) model. McAfee has counted more than 6,000 criminal online resources that offer ransomware viruses and services for organizing attacks using them.

Banks remain the favorite target of cybercriminals. The study claims that hackers from Russia, North Korea and Iran are most active in terms of attacks on financial institutions, while Chinese hackers have focused more on cyber espionage.

In addition, the McAfee report calls Russia the leader in global cybercrime.

"Our study confirmed: Russia is a leader in the field of cybercrime, which is expressed in the skill of its hacker community and contempt for Western law enforcement agencies," writes CSIS Senior Vice President James Lewis.

Among other global centers of cybercrime, the expert listed North Korea, Brazil, India and Vietnam.[13]

Norton Cyber Security Insights Report: Theft of $172 billion from 1 billion people

In 2017, hackers stole $172 billion from 978 million consumers in 20 countries, in practice proving that online users are overly confident in cybersecurity issues. This was reported in the 2017 Norton Cyber Security Insights Report, prepared by Symantec in January 2018.

Experts note that victims of cybercriminals around the world are similar in that, while using many devices at work and at home every day, they usually have a weak grasp of the basics of cybersecurity. For example, people often set the same passwords for different accounts and share them with others. Also, as a rule, people are overconfident: 39% of victims of cybercrime, despite their sad experience, are confident in their ability to protect data and personal information from future attacks, and 33% are convinced that they have a very small risk of becoming a victim of hackers.

Hackers stole $172 billion from 978 million consumers in 2017

In the United States, 143 million consumers suffered from cybercriminals, which is more than half of the adult online population of the country. The total damage from hacker attacks amounted to $19.4 billion, and on average, every American user who became a victim of cyber attackers spent almost 20 hours eliminating the consequences of attacks.

"There is a dangerous contradiction in consumer actions: despite the incessant flow of reports of cyber crimes in the media, too many people continue to think that they are invulnerable and neglect basic precautions to protect themselves," commented Fran Rosch, executive vice president of the Consumer Business Unit at Symantec.

The specialist stressed the need for digital protection, and also called on consumers to recall the basic rules of cybersecurity and contribute to the prevention of cybercrime.[14]

2017

Positive Technologies: Russian industrial companies spend less than 50 million rubles a year on information security

According to Positive Technologies in December 2017, most Russian industrial companies spend less than 50 million rubles a year on information security. At the same time, 27% of the organizations surveyed by Positive Technologies specialists for the study "How Much Security Costs" estimated their losses from a single day of infrastructure downtime caused by a cyber attack at a similar amount.

A third (33%) of industrial organizations estimated the possible damage from one day of corporate infrastructure downtime at 0.5 to 2 million rubles, 13% at 2 to 10 million rubles, and 17% at 10 to 50 million rubles. Most industrial companies (83%) said they were ready to restore the infrastructure while spending less than 0.5 million rubles, but Positive Technologies experts consider this estimate too low.

The amount of damage in the event of an information security incident largely depends on the company's readiness to respond to the incident and the correctness of the actions of employees. However, in the field of industry, this area is not at the highest level. 23% of organizations surveyed from this area lack the practice of identifying and investigating information security incidents. In the case when they are still investigated, 64% of companies do this work on their own without the involvement of professionals. At the same time, only 20% of industrial organizations have internal SOC departments, Positive Technologies said.

The study also showed that specialized security tools are used quite rarely - application-level firewalls (WAF) are used by less than a quarter (23%) of all surveyed industrial companies, SIEM systems - even less (17%).

Regular penetration tests (2 times a year) are carried out by only 13% of industrial companies, while 44% have never carried them out. In 33% of companies, inventory and monitoring for unsafe resources appearing on the network perimeter are never carried out. 40% of organizations have never analyzed the security of corporate wireless networks. 23% of industrial companies do not have control over the installation of software updates.

In addition, 17% of companies lack the practice of monitoring the publication of information about zero-day vulnerabilities and searching for them in the company's IT resources. In 40% of industrial organizations, data on new vulnerabilities are taken into account, but their correction is postponed indefinitely - despite the fact that hackers are ready for an attack within three days after the vulnerability is announced.

Only 23% of industrial companies conduct regular training of employees in the basics of information security with the subsequent verification of the effectiveness of such training, and 40% of companies do not organize it in principle.

"For industrial companies, the operability of the systems used and the continuity of the technological process are important first of all, and information security is a secondary matter; therefore, the budget allocated for information security is in most cases not as significant as in state or financial companies," explained Evgeny Gnedin, head of information security analytics at Positive Technologies. "In the field of industry, any changes in the APCS infrastructure can have a serious impact on the technological process; therefore, all additional protective equipment is applied with caution. In addition, it is not always possible to quickly make changes to the hardware and application software configuration or install updates. And although organizations are aware of information security problems, not everyone is ready to solve them effectively due to the nuances associated with the technologies used and internal business processes, as well as due to the inability of management to invest significant amounts in security."

The authors of the study suggest that the introduction of federal law No. 187-FZ "On the Security of the Critical Information Infrastructure of the Russian Federation" will make significant positive changes to the processes of ensuring the protection of industrial facilities.

About the study

The How Much Security Costs survey was conducted in 2017. In total, 170 respondents took part in it, 18% of whom represent industrial companies. Most of the participants are included in the rating of the 500 largest companies in Russia by revenue for 2016 or lead in their industry, and also have more than 1000 employees.

NAFI: Damage to Russian companies from cyber attacks amounted to 116 billion rubles

According to NAFI, in 2017, about half of Russian companies faced various threats, and 22% of them suffered financial losses from attacks. According to the All-Russian survey of entrepreneurs conducted by the NAFI Analytical Center in November 2017, the average amount of losses in one company amounted to 299,940 rubles, and it depends on the size of the business. In the country as a whole, losses from cyber attacks are estimated at 115 967 204 788 rubles. At the same time, businessmen underestimate the risks.

About half of companies (48%) faced various information threats over the past year, and large businesses were more susceptible to information attacks (62% versus 46-47% in small and medium-sized enterprises). Most often, top managers mentioned virus infections of employees' work computers, including infections followed by extortion of money (20%), hacking of mailboxes (12%) and attacks on the company's website (10%). 7% of respondents encountered Internet fraud, 3% faced unauthorized access to enterprise information, and 2% experienced theft of customer personal data. It is worth noting that unauthorized access to information resources threatens mainly large companies (11% versus 1-2% among other enterprises), and Internet fraud is more often aimed at small and medium-sized businesses (9% among micro-businesses and 2% among large ones).

Every fifth organization faced with information threats suffers financial losses (22%). In large companies, this is reported more often (39%), in small companies less often (15% of respondents). The average amount of financial losses is 299,940 rubles. In large business, the average amounts reach 866,771 rubles, and the minimum losses are among micro-enterprises (30,000 rubles). Weighted by company size and type of attack, the losses of Russian business from cyber attacks amount to 115 967 204 788 rubles.

The most common way to ensure the information security of enterprises is to install updated antivirus software on all computers; this measure is taken in 88% of companies. Other methods of protection are applied much less often. For example, 47% of organizations (more often large companies - 59%) have a written information security policy that all employees should follow. Restricting Internet access is practiced in 45% of organizations (more often in medium-sized companies). Less often, employees are given the opportunity to regularly undergo training (29%) or a requirement for mandatory information security certification is established (15%). It is worth noting that in 22% of enterprises, employees are allowed to independently install the programs that they need for work.

The vast majority of top managers of Russian enterprises (99%) are aware of the recent viral and hacker attacks on companies. However, the majority (60%) note that such risks regarding their business are minimal. Heads of medium and large companies more often express concerns about the information security of their business (41% and 38%, respectively) than representatives of small organizations.

Every fourth entrepreneur (26%) expresses the opinion that today Russian law enforcement agencies are able to successfully investigate computer crimes, find and punish computer intruders. More than half of the respondents adhere to the opposite position (55%).

2016

UK businesses lose money and reputation over cyber attacks

Almost 20% of UK businesses were hit by cyber attacks last year, a study by the UK Chamber of Commerce and Industry said. Data suggests low levels of business cyber protection in the country[15].

All companies are at risk

A survey in the UK showed that both large enterprises and small companies with a small number of employees could become victims of cybercriminals. As a rule, as a result of cyber attacks, companies lose their finances, data and, of course, their reputation. However, despite the increase in the number of hacker attacks, not all enterprises take potential threats seriously.

It turned out that 63% of companies rely solely on third-party IT providers for security. In the case of small and medium-sized businesses, this is rather a forced choice, since cybersecurity requires additional financial resources that small companies do not have. However, some large companies also rely on providers and do not create their own competencies in cyber defense.

Financial institutions and banks are most attentive to the problem of cyber attacks. Only 12% of these UK institutions rely on external assistance.

The need to create barriers for cybercriminals

One of the main problems of modern enterprises is the low level of cyber defense. Just 24% of UK businesses have cyber defenses that can create serious barriers for attackers. At the same time, small and medium-sized enterprises have almost no such protection. Among small companies, the number of protected enterprises is about 10%. Among businesses with more than 100 employees, only 47% have some form of cybersecurity provision.

This situation is especially telling against the background of the Cyber Essentials program in the UK. It is a government-sponsored program that aims to create affordable cybersecurity mechanisms. The cost of connecting to this affordable protection system is from £300 a year. But many enterprises refuse even such cybersecurity costs and, in the end, cannot receive accreditation in the field of data protection.

The survey found the government should consider reducing the cost of such a security programme to make it as affordable as possible for small businesses. This is an important issue for business, since small enterprises are often participants in large supply chains and have large partners. Therefore, the attack on small companies potentially poses a threat to many large enterprises.

IDC: $650 billion - annual losses to the global economy from cybercrime

According to IDC (November 2016), cybercrime will cost the global economy $650 billion by the end of 2016, and more than $1 trillion by 2020. More than 1.5 billion people will be affected by data leaks, both personal and corporate, by this time, which will lead to tougher regulation and the development of alternative authentication methods. These, first of all, include authorization using biometrics: by 2020, a quarter of all world electronic transactions will be carried out using it.

Another trend named in the information security market is that cyber attacks are gradually acquiring a "physical" nature. Already about 5% of information crimes lead either to the destruction of data, or to damage to physical resources or infrastructure.

2015

Losses of the Russian economy from cybercriminals in 2015 reached 203.3 billion rubles (0.25% of GDP)

In 2015, cybercrime caused damage to the Russian economy in the amount of 203.3 billion rubles, or 0.25% of GDP.

Direct financial damage amounted to 123.5 billion (0.15% of GDP), and the cost of eliminating the consequences amounted to more than 79.8 billion (0.1% of GDP). This information was published in a joint study by Group-IB, the Internet Initiatives Development Fund (IIDF) and Microsoft.

The scale of the negative impact of cybercrime on the development of innovation is evidenced by the fact that losses from it amounted to 22.8% of the total amount of funding for research activities from the budget of the Russian Federation. Thus, the share of domestic research and development costs in Russia's GDP on average is 1.11%, in absolute terms in 2015 it is 892.58 billion rubles.

Analysts estimate the growth in the volume of cyber attacks in Russia by tens of percent.

Over four quarters, from the second quarter of 2015 to the first quarter of 2016, cybercriminals stole ~ 5.5 billion rubles, which is 44% more than was stolen in the previous reporting period, the Group-IB study concluded.

The company paid special attention to the damage from attacks on banking institutions: it grew by 292% and reached 2.5 billion. Individuals using mobile devices on the Android platform also suffered financial losses, which increased by 471%, to 349 million rubles.

"The increase in successful attacks on Android is due to the fact that this platform quite easily allows its users to install unverified applications on their devices - games, utilities, etc."

Dmitry Volkov, head of cyber intelligence at Group-IB

At the same time, the number of successful attacks on legal entities' accounts in Internet banking halved in the reporting period. Thefts from individuals using PCs also decreased: the volume fell by 83%, to 6.4 million rubles.

Among the effective measures to counter cybercrime, experts from Group-IB, the Internet Initiatives Development Fund (IIDF) and Microsoft see:

  • increasing IT literacy (awareness of threats and defenses),
  • mandatory disclosure of information about incidents,
  • improving both international mutual legal assistance procedures and national legislation on the elements of crimes and investigation procedures,
  • expanding public-private partnerships to counter cybercrime.

TAdviser conducted a major survey for IIDF and Microsoft research

The survey, which was conducted by TAdviser for the research by the IIDF and Microsoft, involved 600 companies. 58% of respondents are small and medium-sized businesses. 42% are large commercial companies and government agencies. The survey format is a telephone interview. The respondents represent the following sectors of the economy: finance and insurance, telecom, IT, retail, FMCG, industrial production, transport, power, etc. The survey involved IT executives, information security executives and their deputies. The survey was conducted by specialists of the analytical center TAdviser.

Two-thirds of Russian companies believe that over the past three years the number of cyber attacks has increased by an average of 75%, and the damage has doubled. At the same time, in the short term (three years), respondents predict an increase in both the number of incidents and the damage from them, by 173% and 192%, respectively.

The survey results also showed a high degree of business awareness of the risks of using unlicensed software. At the same time, large and state-owned companies are more worried about legal and financial consequences, while SMB companies are more concerned about reputational and technical risks.

"Companies are well aware of threats, but much less about the methods of work of cybercriminals and ways to counter crimes," summed up Ulyana Zinina, director of corporate affairs at Microsoft in Russia, candidate of law. "As the survey showed, only 19% of respondents believe that responsibility in the fight against cybercrime should be distributed between business, representatives of the cybersecurity market and the state. International experience shows that such a partnership is becoming an effective method of combating high-tech crimes."

Average annual damage from cyber attacks $15 million per organization

On October 26, 2015, HP, together with the Ponemon Institute, presented the results of a six-year study aimed at understanding the consequences of malicious attacks on private and public enterprises.

The study showed a significant increase in the cost of eliminating the consequences of these crimes. The final report provides a detailed description of the cyber attacks that cause the greatest damage to enterprises and gives recommendations that will help minimize it.

The Ponemon Institute's 2015 Financial Consequences of Cybercrime study, supported by HP Enterprise Security, provides data on the annual costs of eliminating the consequences of cyberattacks for companies in the USA, Great Britain, Japan, Germany, Australia, Brazil and Russia.

According to this information, the damage from cybercrime in American companies averages $15 million per year[16], which is 82% more than at the beginning of the study six years ago. In other words, costs increased by almost 20% every year[17]. It takes an average of 46 days to eliminate the consequences of cyber attacks (over six years this period has increased by almost 30%), and companies spend an average of $1.9 million[18] to eliminate the consequences of each of them.

Chart to Study (2015)

A study in the United States also showed that many enterprises invest in security analytics technologies to avoid the costs associated with detecting cyber attacks and eliminating their consequences. Such tactics are bearing fruit: the cost of responding to attacks is reduced, and this significantly increases the return on investment[16].

Companies are actively introducing new technologies to protect their resources. Traditional network and perimeter management tools are already ineffective, so existing strategies need to be completely rethought to maximize the protection of users, applications, and data. The 2015 Financial Consequences of Cybercrime report clearly demonstrates this trend. Companies allocate 20% of their security budget to application protection[16] - almost 33% more than two years ago.[17]


Key findings of the report

  • Cybercrime still causes huge damage to companies: the costs associated with cybercrime average $15 million per year. At the same time, the costs of each individual company may range from $1.9 million to $65 million per year[16]. In absolute terms, the damage from cyber attacks has grown by 82% over the past six years.[17]

  • The amount of damage from attacks depends on the size of the organization: this study revealed a direct dependence of the average annual cost on the size of the company (the number of jobs). However, the report data suggests that losses per employee in small companies were higher than in large enterprises[16].

  • The increase in the cost of combating cyber attacks continues: on average, it takes approximately 46 days to eliminate the consequences of the attack. Companies participating in the study spend more than $1.9 million on average during this period[16]. Thus, there is an increase of 22% compared to 2014, when the amount of costs averaged about $1.5 million over a 45-day period.[17]


Forewarned is forearmed

Recognizing the danger of cyber threats, companies can more effectively plan security strategies and determine the amount of investment in this area.

  • The most expensive is the elimination of the consequences of denial of service (DDoS) attacks, attacks committed by internal attackers and crimes using malicious code. More than 50% of the cost of combating the consequences of cybercrime falls on such attacks[16]. It takes the most time to contain attacks made by internal attackers and eliminate their consequences - an average of about 63 days, the study says.

  • Data theft is fraught with the highest external costs. This is followed by losses incurred due to the downtime of the enterprise. Data theft accounts for 42% of all external costs each year. At the same time, losses incurred due to downtime or reduced productivity account for 36% of total external costs (which is 4% more than the six-year average).

  • Restoring the company to normal operation and detecting crimes turned out to be the most expensive of all security measures carried out within the company. They account for 55% of the total annual cost, with cash and labor costs accounting for the largest share of these costs[16].

Organizations that invested in and actively implemented security analytics technologies and followed all recommendations to combat the consequences of cybercrime achieved better results in detecting and deterring cyberattacks. This helped them largely avoid unnecessary costs[16].

  • By deploying security information and event management (SIEM) platforms, such companies have saved an average of $3.7 million per year compared to enterprises that do not use similar solutions.

  • Competent budget planning helps to save an average of $2.8 million, which would otherwise be spent on responding to attacks and eliminating their consequences.

  • Hiring certified security experts will save $2.1 million.

  • The appointment of the head of the information security department saves another approximately $2 million[16].

Among the companies participating in the study that chose to deploy security technologies to protect against malicious attacks and data theft, preferences were distributed as follows:

  • data encryption technologies - 57%,
  • access control - 45%,
  • data theft prevention tools - 38%,
  • policy management tools - 36%[16].

2014

The volume of losses of the global economy $445 billion

Data from the Center for Strategic and International Studies

Group-IB: Russian-speaking criminals earned $2.5 billion in a year

According to the Group-IB report, from the second half of 2013 to the first half of 2014, Russian-speaking cybercriminals earned about $2.5 billion in Russia and the CIS. Of this amount, $426 million came from Internet fraud, a significant part of which - $289 million - occurred in Internet banking systems. Cybercriminals earned $59 million on cashing out funds in Russia, $50 million on banking phishing and fraud with electronic money, and $28 million on embezzlement of electronic money.

For the first time, Group-IB also assessed the amount of funds stolen in payment card fraud in Russia as a separate item: according to the report, in 2013-2014 it amounted to about $680 million. In turn, in 2013-2014 "high-tech criminals" earned $841 million on spam and $113 million on DDoS attacks.

High-tech crime market assessment since 2010, Group-IB

The bulk of cybercrimes are committed against organizations in the financial sector and the public sector, according to Group-IB. In the latter, cybercrimes are most often committed for industrial espionage purposes. This increases the number of targeted attacks on such organizations. In 2013-2014, attackers conducted more than 35 successful attacks on banks, and other financial-sector organizations that became victims of cybercriminals include Qiwi, Russian Post, and the Moscow MICEX-RTS Exchange. In the case of Qiwi, in particular, the attackers stole 88 million rubles, which the company mentioned in its annual report for foreign private issuers.

Group-IB notes that, of the targeted attacks on banks known to it, the organization identified the attack itself in only 3% of cases. In 28% of cases, attacks were identified after an incident occurred in the bank, and in 69% of cases, Group-IB itself notified the banks of attacks.

In the public sector, the targets of attacks included the Administration of the President of the Republic of Bashkortostan, where malware was found on 5 computers, and the ultimate goal of the attackers was financial information in the BashFin system. The Moscow Department of Health, FSUE Main Center for Special Communications and a number of others were also attacked by cybercriminals.

Among the trends in the cybercrime market in Russia, in addition to targeted attacks, Group-IB highlights the increasing share of mobile threats. According to research on mobile botnets, 40% of mobile users have a bank account linked to an infected mobile phone.

Group-IB notes a serious problem in the fight against cybercrime in Russia: despite the increasing number of crimes, the shortage of specialists in law enforcement agencies who deal with them persists.

PWC: Information Security Incident Loss Overview

According to PWC research, the average amount of financial losses as a result of information security incidents during 2013-2014 looked like this:

Source: PwC, 2015

Perpetrators of information security incidents, 2013-2014.

Source: PwC, 2015

2012

$320 billion - losses from intellectual property theft in the United States

The American Intellectual Property Theft Commission estimates the damage caused by intellectual property theft at no less than 320 billion US dollars (2012 data). These amounts do not yet include losses due to systemic failures associated with hacker attacks, or due to fraudulent actions committed during the theft of bank details of companies and individuals. Experts believe that at least 25% of all existing companies have already suffered financial losses in one way or another due to various kinds of cyber attacks. Their number may even reach 50%, and some computer security experts frankly admit that the other half of companies have probably just not yet noticed that their security systems have been breached.

2011: Cybercriminals in Russia earned $2.3 billion in 2011 - Group IB

In 2011, Russian cybercriminals managed to "earn" about $2.3 billion from hacking banking electronic systems and providing various illegal services. This was reported by RIA Novosti with reference to Ilya Sachkov, CEO of Group IB, a cybercrime investigation company.

According to the company, the Russian cybercrime market has grown by $1 billion since 2010 - then the income of Russian cybercriminals was estimated at $1.3 billion. The global cybercrime market has also grown, according to Group IB - in 2011 its volume amounted to $12.5 billion, a year earlier Group IB specialists estimated it at $7 billion.

"Despite the active opposition to computer attackers by law enforcement agencies and specialists in the field of preventing and investigating information security violations, the cybercrime market showed active growth last year, which was reflected in the number of crimes and the amount of profit received by hackers," Sachkov said.

According to him, in 2011, the company's specialists discovered 12,000 phishing sites (an increase of 300% compared to the previous year), 180 thousand new domains that hosted malicious sites, as well as about a thousand Internet resources through which it was possible to manage botnets.

According to the expert, in 2011 in the field of cybercrime, a kind of consolidation of forces was observed - hackers began to unite in organized groups with a centralized management system. The relationship between the participants of this market has also strengthened - the main groups of cybercriminals began to exchange compromised data free of charge, provide botnets and cash-out schemes.

2004-2006

The need to take action in the fight against network threats is evidenced by the CSI Computer Crime and Security Survey report, which shows that at the very beginning of the 21st century, information security threats were distributed relatively evenly. These were mainly classic viruses and DDoS attacks. But in 2007, financial fraud was added to them, as a result of which many companies incur colossal losses. The global damage from virus attacks in recent years has decreased by a quarter. If in 2004 the damage amounted to $17.5 billion, then in 2006 it was $13.3 billion. According to analysts, this is due to the transition of hackers to more effective ways of making money than writing viruses.

Notes

  1. Putin instructed to improve the fight against crimes using IT
  2. Information security incidents: results of the first quarter of 2023
  3. Behind the tribute - tribute
  4. Kaspersky Lab named the most expensive cyber attacks for Russian business
  5. Ukraine liquidated a group that spread ransomware viruses
  6. Russian Foreign Ministry: Global damage from cybercrime in 2021 may amount to $6 trillion
  7. Supply chain disruptions cost big companies $184m a year
  8. McAfee Report Estimates Global Cybercrime Losses to Exceed $1 Trillion
  9. How many millions Ukrainians have lost from cybercrime. Zyfra
  10. Business Losses to Cybercrime Data Breaches to Exceed $5 trillion by 2024
  11. LOSSES FROM ONLINE PAYMENT FRAUD TO MORE THAN DOUBLE BY 2023, REACHING $48 BILLION ANNUALLY
  12. The eleventh issue of the report provides analysis and trends in cybersecurity over the past 12 to 18 months based on research information and data from partner companies Anomali, Lumeta, Qualys, Radware, SAINT and TrapX. The report also contains the results of the annual Security Capabilities Benchmark Study (SCBS), a survey of 3,600 Chief Information Security Officers and Information Security Managers from 26 countries who answered questions about the state of cybersecurity in their organizations.
  13. New Global Cybersecurity Report Reveals Cybercrime Takes Almost $600 Billion Toll on Global Economy
  14. Consumers’ Overconfidence Helps Hackers Up the Ante and Steal $172 Billion in 2017
  15. UK businesses are losing money and reputation due to cyber attacks
  16. "2015 Cost of Cyber Crime Study: United States," Ponemon Institute, October 2015
  17. Based on an internal analysis of the results of the Ponemon Institute "Cost of Cyber Crime Study: USA" for 2015 compared to reports from previous years also provided by the Ponemon Institute
  18. million