Searches for cyber threats have seen a steady increase worldwide, particularly in the last year, proving that it’s a major concern for people all around the world. In fact, according to IBM’s Cost of a Data Breach report, the average cost of a data breach has reached an all-time high, climbing 12.7%, from $3.86 million in 2020 to $4.35 million in 2022.
While many of the cybersecurity attacks we hear about happen at major enterprises, the reality is cyber criminals don’t discriminate by size: 61% of SMBs experienced a cyber attack during the last year. A mistake many SMBs make is under-resourcing the IT security needed to prevent data breaches.
And the cyber security landscape is changing rapidly. For one, the global pandemic drove a huge increase in working from home. This need to accommodate remote work left IT leaders scrambling to find a way to support cloud technologies, the use of personal devices, and remote connections (whether VPN, outside the domain, or otherwise). Needless to say, this shift drastically changed the entire IT infrastructure of many organizations, moving environments from on-premise to hybrid almost overnight.
As the shift to hybrid exposed vulnerabilities, cybercriminals seized the opportunity, resulting in a 630% increase in cloud-based attacks between January and April 2020 alone.
Now that a hybrid infrastructure is standard for many organizations, a reliance on cloud technologies continues to drive an increase in significant cybersecurity challenges. To enable hybrid working, companies often rely on cloud technology and remote connectivity via RDP and VPN, which has led to a huge rise in cyber attacks on cloud services and VPN gateways.
This has led to a need for stronger IT security measures, along with a different approach to security itself.
With all of this in mind, it’s little wonder why the worldwide cybersecurity market is growing rapidly. According to Statista, revenue in the cybersecurity market is projected to reach over $159 billion this year.
To shed light on the solutions needed to secure networks, IS Decisions has analyzed Google search volume to identify what type of cyber threats people worry about the most online.
The most searched-for cyber threat by country
The first question that seemed to beg an answer was a simple one: what cyber threats seem to be causing the most anxiety worldwide? To find the answer, let’s take a look at the most searched-for cyber threats by country.
- Distributed denial-of-service (DDoS) attacks
Topping our list are distributed denial-of-service (DDoS) attacks, which can come at any time, impact any part of a network and lead to a massive amount of service interruptions and huge financial losses. A flood of incoming messages, connection requests or malformed packets to the target system forces it to either slow down or crash, and as a result, deny service to legitimate users or systems.
DDoS attacks do have definitive symptoms, but the symptoms often mimic other issues you might have with your computer or system, making it hard to determine whether you’re experiencing a DDoS attack without a professional diagnosis. These symptoms can range from a slow internet connection to a website appearing down, and the difficulty of recognizing a DDoS attack could explain why it is the most searched-for type of attack in 95 countries, including the UK and the US.
- Phishing
Phishing was the second most searched-for type of attack, appearing across 24 countries. A lack of security awareness among employees is one of the major reasons for the increase in phishing attacks as they are designed to induce people to reveal passwords.
The most common type of phishing usually begins with an email that looks like it comes from a trusted source. The message will usually try to alert you to a security issue, and ask you to log in through a website to confirm your identity, or to change your password. Since the recipient believes the content of the message is trustworthy, they carry out the instructions, change their password, and unwittingly reveal their credentials.
- SQL injection attacks
Other common cyber threats include SQL injection attacks. SQL injection attacks appear as the most searched-for threat in 7 countries. The name of the attack refers to a code injection technique used to attack data-driven applications. This technique exploits improper coding of vulnerable web applications.
The impact SQL injection can have on a business is extensive. A successful attack may result in the unauthorized viewing of user lists, the deletion of entire tables and, in extreme cases, the attacker gaining administrative rights to a database, all of which can be extremely detrimental to a business. Developers can prevent SQL injection vulnerabilities in web applications by using parameterised database queries, which ensure that the parameters (e.g., the inputs) passed into SQL statements are treated in a safe manner.
- Cross-site scripting (XSS)
Cross-site scripting (XSS), where an attacker injects malicious executable scripts into the code of a trusted application or website, was the fourth most searched-for attack, appearing the most across 5 countries, including Japan and Brazil.
Although traditionally seen as less harmful than SQL injection attacks, the impact of an exploited XSS vulnerability on a web application can vary greatly. By executing script code in the user’s current context, attackers can steal session cookies and perform session hijacking to impersonate the victim or take over their account. In conjunction with social engineering, this can lead to the disclosure of sensitive data or even malware installation.
The top 10 most searched-for cyber threats around
The data also revealed the top 10 most-searched-for threats globally. Exploring these threats can further help define the solutions needed to secure networks from the most preoccupying cyber threats worldwide.
As well as being the most searched-for cyber threat across 95 countries, DDoS attacks are also the most searched-for globally, with 94,750 searches in the past year. When you hear that a web server, service or network has been taken down by hackers, the chances are that a DDoS attack has been used to do it. These attacks can even bring down the largest servers by overloading them with more requests than they can handle. Unable to meet the demands of these requests, servers or networks crash.
What’s perhaps more alarming is that you don’t even need to be a hacker to carry out a DDoS attack anymore. Cyber criminals now create botnets that they sell or lease on the dark web. With these ready-to-go DDoS kits reportedly available for as little as $10 an hour, it’s no surprise that this type of cyberattack is the most searched-for around the world.
Find out which other cyber threats made the top 10 list below.
The world’s most searched-for threat prevention measures
Hackers are becoming more sophisticated as they build upon attack methods already in use, trying to improve on what worked before. This can leave IT leaders feeling that they lack the resources and time to make sure their security keeps up with the risks.
Threat prevention is essential to a company’s cybersecurity, and there are many effective ways to ensure layers of protection. However, because of network complexity and the number of applications, users, systems and devices that many organizations have, there is no single, standalone layer of protection that guarantees 100% protection across all an organization’s IT assets. But, as cyber attackers become more cunning, so should the prevention measures used to stop them.
- DDoS attack prevention
When it comes to the most searched-for types of threat prevention around the world, DDoS attack prevention came out on top, with a total of 5,540 average annual searches for the terms ‘Prevent DDoS attack’ and ‘DDoS attack prevention.’
According to GovTech, there were 60% more malicious DDoS events during the first six months of 2022 than during the entire year of 2021. Signs to look out for when it comes to a potential DDoS attack can include slower loading times, long-term inability to access a particular website, internet disconnection and an excessive amount of spam emails. Providing regular IT security training will help prevent DDoS attacks so that hackers cannot find gaps to exploit. Implementing strong password policies will also help minimize entry points for hackers, proving there are many ways to prevent a DDoS attack, but no single silver bullet.
To prevent hackers gaining entry via user accounts, organizations should put in place multi-factor authentication (MFA), which provides extra certainty beyond a password that the user is who they say they are. While not necessarily a prevention method, single sign-on security (SSO) combined with MFA can also help an organization lower risk since it provides a frictionless way to secure user access to all line-of-business apps without sacrificing productivity.
- Cross-site scripting prevention
The second most searched-for threat prevention was for cross-site scripting, also known as XSS, with a total of 4,160 average annual searches for the terms ‘Prevent cross-site scripting’ and ‘Cross-site scripting prevention.’ When a network is compromised with cross-site scripting, a collection of issues can quickly emerge. This could lead to sensitive user data being exposed and attackers seizing online accounts and impersonating users.
To prevent a cross-site scripting attack, there are a number of prevention measures you can take. Input fields are a common gateway for cross-site scripting attacks. Validating that the data is in the proper form ensures that only expected content can be submitted by your visitors and not any malicious scripts. Reviewing your systems and web applications regularly can also ensure your applications don’t have vulnerabilities that attackers can exploit.
- DoS attack prevention
DoS attack prevention was the third most searched-for prevention method, with a total of 3,500 average annual searches. Denial-of-service (DoS) attacks make networks inaccessible to those who use them by flooding the target with traffic or sending it information that triggers a crash. DoS attacks are one of the oldest cybercrime tactics, but they are increasingly damaging and disruptive to organizations of all sizes.
While direct theft or data loss may not necessarily be the goal of a DoS attack, it can severely impact an organization financially as it spends time and money getting back on its feet. Loss of business, frustrated customers and reputational harm all add to the costs.
One way to prevent DoS attacks is for organizations to monitor and analyze network traffic via a firewall or intrusion detection system. Administrators can set up rules that create alerts for unusual traffic, identify traffic sources or drop network packets that meet certain criteria.
DoS attacks can range in duration and may target more than one site or system at a time. An attack becomes a ‘distributed denial of service attack’ (DDoS) when it comes from multiple computers or vectors instead of just one.
- Ransomware prevention
Ransomware prevention was the fourth most searched-for prevention method, with a total of 3,160 average annual searches. Ransomware is a type of malware attack in which an attacker locks and encrypts data and important files and then demands payment be sent via cryptocurrency or credit card to unlock and decrypt the data. However, even if you pay the ransom, there is no guarantee that you will get access to your data. This type of attack can take advantage of individuals, businesses, and organizations of all kinds.
Effective ransomware prevention requires a combination of backing up data, keeping software updated, installing antivirus software & firewalls, and network segmentation. Although this won’t reduce the risk entirely, it can limit the chance of an attacker being successful.
- Phishing prevention
The fifth most searched-for threat prevention measure was phishing, with 3,080 annual searches. Since hackers trick you into giving away user credentials, they can gain access and easily wreak havoc unless there’s an additional layer of security beyond the password.
As mentioned above, enabling multi-factor authentication (MFA) can be one of the quickest and most impactful ways to protect and strengthen user access. However, different MFA methods have strengths and weaknesses when it comes to protecting against phishing attacks. A text message or PIN is often used to confirm identity, but it’s become child’s play for hackers to intercept, redirect or spoof text messages. Unfortunately, the nature of a text also opens up your organization to a host of risks (and Microsoft agrees).
For more phishing-resistant MFA, many organizations opt for hardware authentication, which requires a physical device (like YubiKey or Token2) for account access, or software authentication, which requires an authentication app that generates time-based, one-time passcodes. Increasingly, IP-based controls and other contextual access management capabilities can also play a role in whether or how authentication takes place.
Find out which other cyber threat prevention methods people are searching for the most below.
A vast number of the attacks referenced above can be mitigated by stronger access security, primarily using multi-factor authentication (MFA). Many attack patterns require a logon in order to work, including: phishing, brute force/password, ransomware, social engineering, and man-in-the-middle attacks. So, while logons provide one of the clearest indicators of compromise, they are also one of the easiest places to secure to prevent an attack. Single username and password combinations are no longer enough to keep hackers away, and we have known this for a long time.
Multi-factor authentication requires individuals to provide more than one factor (one of which is usually a password) to ensure that they are who they say they are, adding much more security to a simple username and password combination to access a network. Therefore, MFA makes it harder for hackers to access a company’s network, services or data because it adds an extra layer of security to authenticate that the person trying to get access is indeed the person who is intended to have access.
We collated a list of 50 cyber attacks and threats from various seed lists. We collected the global search volume across each attack/threat as well as the search volume for preventing each attack/threat. We analyzed the top 10 most searched-for threats in every country, as well as the most searched-for cyber threat globally, and the prevention of each attack globally and per country. For the purpose of this campaign, those that were synonyms of the same attack were removed from the final results, and countries with insufficient search volume data (those with SV of 10 or less) were also removed from the list. Where two terms were tied, we cross-referenced with a secondary search volume tool to get the highest result. All searches for all countries were performed in the English language. Data collected October 2022.