Unprecedented Increase in Cyber Attacks
The global shift to a hybrid workplace and pervasive connectivity has fueled the adoption of digital collaboration systems; subsequently, digital footprints for organizations have expanded. The rapid increase of shared digital tools and internet resources has fragmented data and created a larger attack surface. The 2021 Internet Crime Report data is an indication that criminals are taking advantage of this digital evolution.
“In 2021, IC3 continued to receive a record number of complaints from the American public: 847,376 reported complaints, which was a 7% increase from 2020, with potential losses exceeding $6.9 billion,” wrote Paul Abbate, FBI Deputy Director. “Among the 2021 complaints received, ransomware, business email compromise (BEC) schemes, and the criminal use of cryptocurrency are among the top incidents reported. In 2021, BEC schemes resulted in 19,954 complaints with an adjusted loss of nearly $2.4 billion.”
By the Numbers - 2021 FBI Internet Crime Report
Breach Reporting Requirements on the Rise
The 2021 report mentions that “heightened attention was brought to the urgent need for more cyber incident reporting to the federal government.” The need for cyber incident reporting was codified recently as President Biden signed the 2022 Consolidated Appropriations Act, which includes the Cyber Incident Reporting for Critical Infrastructure Act of 2022. The act requires critical infrastructure companies to report cyberattacks and ransomware payments.
The IC3 was established in May 2000 to receive complaints of internet-related crime and has received more than 6.5 million complaints since its inception. Its mission is to provide the public with a reporting mechanism to submit information to the FBI concerning suspected cyber-enabled criminal activity, and to develop effective alliances with law enforcement and industry partners to help those who report. Information is analyzed and disseminated for investigative and intelligence purposes for law enforcement and for public awareness.
The FBI reminds us to report suspected criminal internet activity to IC3. By reporting internet crime, victims are not only alerting law enforcement to the activity, but aiding in the fight against cybercrime.
In a notification, the Cyber Division of the FBI recommends configuring SPF, DKIM, and DMARC to prevent spoofing and to validate email. In addition, NIST provides recommendations and guidelines for enhancing trust in email.