Hacking the World – Part 3: The Hackers and the Hacked

Posted on Oct 18, 2021 by PIA Research Team

Need a geographical breakdown of hacking? Look no further. We’ve got all the data breach statistics you need to understand the “who” and “where” of what’s happening in cybersecurity across the globe.
For a refresher of key hacking terms and definitions, read our helpful cybersecurity glossary from Part 1: Hacking Basics. You may also want to check out Part 2: What’s Being Hacked (And What Changed With Covid) to truly grasp what data hackers are after, regardless of their location.

Jump to a section below, or read on:

The Hackers & the Hacked

Hacking Geography

The Hackers & the Hacked

Who is the biggest target of hackers? Is it the individuals or industries? Let’s take a closer look at data breach statistics, who tends to suffer cyberattacks the most, as well as the perpetrators who conduct them

How Many People Get Hacked?

Inconsistencies in the identification, recording, and reporting of data breaches make it almost impossible to know the total number of hacks (and exposed users) worldwide every year.

A variety of factors contribute to significant the lack of data, such as companies having inadequate cybersecurity practices or analyzing only parts of the information in their databases.

That being said, the US has been recording cyber incidents since 2005. According to the Privacy Rights Clearinghouse, a total of over 10 billion US records have been exposed. That includes PII such as names, addresses, and credit card details. This makes the US the no.1 country with the most data breaches.

Victim Demographics

Fraud data from the Federal Trade Commission (FTC) suggests that older internet users are more likely to become cybercrime victims. Its findings show that 60 to 69-year-olds lodged almost 180 000 fraud complaints in 2020, which is the most out of all age demographics. Younger age groups use technology more often than older generations — yet fraud complaints aren’t that common among them. 

The reason behind these stats is lower computer literacy in older adults, which makes them more susceptible to cyberattacks and social engineering. Without sufficient knowledge on how phishing and other types of scams work, they’re more likely to click on a malicious link or download a virus without realizing the risks

Vulnerable Targets Inhibit Cybersecurity

No matter how advanced your company’s cybersecurity is, you can’t escape the human element. Data breach statistics show that human error is a leading barrier to establishing effective cybersecurity programs. A low level of cybersecurity awareness opens the door for targeted social engineering attacks and subpar cybersecurity hygiene. Educating employees is the best way to minimize this risk.

Sadly, there is a scarcity of appropriately qualified cybersecurity professionals. The talent pool has dried up as companies moved to invest in their security departments throughout the last 18 months, and this is now a major hindrance to businesses.

Poor integration between systems is another cybersecurity issue for businesses. Surprisingly, though, cybersecurity professionals said money isn’t much of a problem for the majority of IT departments.

Failure Rates Are a Vulnerability Indicator

Proofpoint crunched the numbers on their phishing simulation program to reveal the average “failure rate” by industry. The results show us how often organizations fall for phishing attempts.

Generally, industries that are more susceptible to phishing attempts undergo a higher level of testing and have more general experience with phishing messages. Educating staff is critical too as it prepares employees for possible social engineering attacks. That’s why, despite being targeted the most, healthcare and government organizations actually have quite a low failure rate — their staff and systems are prepared to handle phishing attacks.

On the other hand, the data suggests that industries that are not targeted as often are more vulnerable to phishing attempts. Engineering, telecom, and mining stand out as three sectors with high failure rates. The increased vulnerability of these sectors is due to lack of importance placed on cybersecurity and insufficient training for the staff.

The Worst Affected Industries

According to CyberEdge, educational organizations undergo successful cyberattacks more than other industries: 92.3% of education businesses experienced an attack in 2020. Throughout the surveyed period, 90.3% of manufacturing companies and 87.4% of telecom & technology companies were targeted by cybercriminals.

The finance and healthcare sectors are consistently earmarked as targeted industries, primarily due to their extensive stores of customer data. These were the two worst affected industries when it came to multiple breach incidents for each company. According to Verizon, 15% of all breaches in 2020 involved healthcare organizations, 10% of all breaches affected financial companies, and 16% occurred in the public sector.

Staffing Issues Cause Security Vulnerabilities

As the demand for cybersecurity professionals grows amidst rising cybercrime, there is a lack of available talent to fill the void. Only 30% of professionals report their companies have the right amount of cybersecurity staff — but 64% report a significant or slight shortage in IT experts. The cybersecurity talent crisis is nothing new and has been a prevalent issue for several years.

This doesn’t mean the workforce shortage isn’t directly impacting organizations. Over half of cybersecurity professionals claim their staff shortage is causing moderate to extreme security risks. A high price to pay for a problem outside of most employers’ control.

The Biggest Hacking Breaches

These are the largest hacking breaches of all time. For the record, these standings only include breaches caused by hacking incidents — misconfiguration, lost devices, or other poor data security practices are not weighed in.

Yahoo is the largest hacking incident and one of the largest breaches to date. Hackers used malicious cookies to imitate user authentication and gain access to accounts. They stole 3 billion records with user PII, including names, dates of birth, email addresses, phone numbers, hashed passwords, and even security answers. 

An affiliate employee downloaded malware onto Alibaba’s system to scrape over 1 billion records in 2019. It’s important to note that this wasn’t a human error — Alibaba reported the employee purposefully violated the cybersecurity practices and helped leak vulnerable shopper details. That same year, hackers exploited a vulnerability in one of SinaWeibo’s websites to expose over 500 million user files.

More than 500 million Facebook records were scraped due to a website vulnerability too. The social media platform is regularly criticized for letting user data slip through, so it may not be the last Facebook data breach we see. Adult Friend Finder also fell victim to a huge hacker attack. Bad actors were able to unencrypt account credentials for almost every account after a network hack.

Malicious Attackers Cause the Most Breaches

There are three reasons behind a data leak: human error, a system glitch, or a malicious attack. 

Bad actors are behind 52% of data breaches. The Middle East suffers worst from malicious attacks with bad actors at fault for 59% of breaches. In Germany, 57% of breaches are malicious. And even though Canada is the least affected by malicious actor breaches, they still account for 42% of all leaks.

Verizon also reports that hacking was the top cause in 45% of malicious breaches. Social attacks occur in 22% of breaches, and 17% of attacks include malware.

Human error and system glitches are almost equally responsible for the remaining breaches: 23% and 25% respectively. Considering that these could be lowered by providing appropriate education and hiring skilled cybersecurity professionals, they’re still quite high on the list.

Hacker Motivations

The majority of malicious attackers are financially motivated. 53% of hackers compromise data for monetary gains, 13% are nation-state hackers, and another 13% are “hacktivists.”

Hacktivists are hackers that gain access to data or disrupt organizations for social or political motivations. A hacktivist could prevent a target company from continuing its business operations, or they could steal files related to their cause.

Nation-state hackers collect information and disrupt other organizations on behalf of a government. China, the US, and Russia are three nations that are known to use these hackers. According to IBM, nation-state attacks are the most expensive due to the sensitive information they often target. They cost, on average, $4.43 million per breach.

Top Income Sources for Hackers

Illegal online markets such as the ones on the Dark Web are the biggest source of income for hackers. Hackers often sell stolen data online to turn a quick profit, leaving fraud, scams, and other forms of targeted cybercrime to the buyer. Doing so brings in $860 billion in earnings for hackers every year.

Trade secrets and IP theft also net a healthy profit. Although these are not found as easily as customer PII, when obtained, trade secrets and intellectual properties can be sold at a high price to rival businesses. Due to their high market value, trade files earn hackers $500 billion per year! 

Nation-State Hackers: Getting Worse?

Nation-state attacks are rising exponentially following a prolific period of activity.

2020 was a marquee year for nation-state hackers. State-led hacking groups capitalized on a general rise in cybercrime to exact chaotic attacks across a variety of rival government institutions and industries.

In a HP survey, 64% of security experts think this upward trend demonstrates a “worrying” or “very worrying” escalation in global tensions. Wars are no longer fought on battlefields, it seems, but rather in the shadows of the online world.

Hacking Mercenaries: An Economy of Deception

Despite government ties, nation-state hackers are part of the cybercrime economy. In Dr. Michael McGuire’s study for HP, 65% of security experts say they think nation-states are profiting from cybercrime. They’re not entirely wrong.

Nation-state hackers trade tools, data, and services online to fulfill the interests of their government. They may even hire other hackers to conduct attacks on their behalf, a practice designed to keep the spotlight away from official authorities.

Whatever the reason, experts concede that state-sponsored groups are directly funding organized crime, all in the name of cyberwars. Certainly not a good look for those nations allegedly involved.

Who Do Nation-State Hackers Target?

Perhaps surprisingly, nation-state hackers target enterprises more than anyone else. Since 2009, 35% of nation-state attacks have disrupted businesses all over the world. Cyberdefense is an expected target, accounting for 25% of nation-state attacks, while media and communications (14%), government institutions(12%), and critical infrastructures (10%) seem to be less focused on.

Research also shows that individuals don’t have to worry much about nation-state hackers. It’s highly unlikely you’ll become a target as attackers have much less to gain if they focus on private users.

Top Hacking Groups

Big hacking groups have made a huge impact on the cyber infrastructure over the last few years. Between 2016 and 2018, the largest hacking groups attacked around 55 institutions.

Nation-state hackers like the USA’s Equation Group or Russia’s Fancy Bear have been locked in a “cyber-war”, with both entities launching huge political attacks. Although Iranian hackers officially attacked Iran’s nuclear program, Equation Group is thought to have helped develop the Stuxnet program that brought it down.

Lizard Squad was notorious for hacking systems for “fun,” while Anonymous has pulled off numerous acts of hactivist protests. The most notable incidents include Anonymous’ hack on Minneapolis P.D. following the murder of George Floyd and the group’s active takedown of Russian government sites.

Most hacking groups, like REvil, are financially motivated. REvil received an $11 million ransom payment from its attack on JBS. The group also conducted an effective breach on security company Kaseya, accessing systems for over 1,000 businesses.

However, REvil also demonstrates how hacking groups can go missing under pressure from authorities. LizardSquad was disbanded in 2015 and all REvil sites seem to have disappeared since the US urged Russia to take action. Not all hacking groups are easy to take down, but it’s definitely possible with enough perseverance from governments.

Most Famous Hacking Whistleblowers

Three huge cybersecurity incidents have shaken the world over the last decade — all caused by whistleblowers, i.e. people who reveal secret info they deem illegal, immoral, or fraudulent.

Edward Snowden is possibly the most known whistleblower of all times. He stole and leaked groundbreaking revelations on the state of online privacy in the US back in 2013. Though not strictly a “hacking” incident, Snowden exposed American data collection practices that forever changed the way we think about cybersecurity and online surveillance. 

Julian Assange’s Wikileaks releases classified information from unspecified sources. Much of the data has been hacked or stolen from databases, including infamous footage of US apache pilots gunning down civilians and references to US Army intelligence.

John Doe is the person behind the Panama Papers — a leak that exposed the greedy practices of the rich and politically privileged alike. The files included ways people managed to launder money and avoid tax.

Hacking Geography

It’s time we took a look at data breach statistics by country to get a picture of what the current cybersecurity scene looks like across the world. Specifically, we’ll focus on where hackers are coming from, where they focus the attacks, and why certain countries experience data breaches more than others.

Which Nations Have the Best and Worst Cybersecurity?

The Global Threat Index outlines the nations most open to cyberattacks based on their network traffic, attack traffic, and vulnerabilities. This data is concurrent with research from the International Telecommunications Union (ITU). 

The ITU found that Mexico, Mongolia, Afghanistan, Pakistan, Burma, and Ethiopia are the most vulnerable to hacking attempts. Mexican companies have one of the worst levels of cybersecurity out there and the country ranked 52nd in the ITU’s Global Cybersecurity Index (GCI). 

On the other hand, ITU ranks the United States as the nation with the best cybersecurity overall. The US scored a perfect 100 GCI score. This means that US companies heavily invest in cybersecurity to combat a large proportion of hacks.

Other secure nations include the United Kingdom and Saudi Arabia, both of which tied second with the GCI score of 99.54. The top 10 also includes Estonia (4th), South Korea (5th), Singapore (6th), Spain (7th), Russia (8th), UAE (9th), and Malaysia (10th).

Cyberattack Success: Data Breach Statistics by Country

Colombian companies experience successful cyberattacks at a frighteningly high rate. Poor levels of cybersecurity in the country mean the vast majority of local businesses are an easy target for hackers. Mexican companies are targeted with high success (90.6%) for the same reason.

Almost all (91.5%) of Chinese and German companies are successfully cyberattacked. This may seem surprising as both countries rank quite high when it comes to cybersecurity practices. However, they become frequent targets due to the high volume of data local companies handle on a daily basis.

The US ranks 6th on the list, just under Spain, with 89.7%. American companies have a strong level of cybersecurity, but the sheer volume of attacks businesses face ranks the nation high in terms of data breach success.

Most Significant Attacks

A significant cyberattack describes any attack that exposes records causing $1 million of economic damage or more. According to Visual Capitalist’s data breach statistics, the United States is one of the top countries with the biggest data breaches. The country is the most targeted nation by hackers regardless of motive. This is hardly surprising considering the huge economic, political, and cultural impact America has around the world.

US organizations have suffered 156 significant cyberattacks over the last 15 years, which is more than UK and Indian institutions combined. In 2018 alone, American companies experienced a total of 30 hacking incidents — making it the most damaging year so far.

Germany is another nation that’s frequently targeted. The most recent incident involved the German organization Funke Media Group, which was hit with a ransomware attack in December 2020. As a result, the company was left with 6,000 infected computers.

Regions With The Most Data Breaches

IBM broke down the regions with the most malicious cyber activity in 2020. North America, Europe, and Asia suffered between 25-35% of attacks. However, North America was targeted far less than usual, falling from nearly 45% of breaches in 2019.

Europe turned out to be the most attacked region, accounting for over 30% of cyber incidents in 2020. That figure has grown since 2019, when Europe accounted for around 20% of attacks.

Latin America, Middle East, and Africa were the regions with the least data breaches. Still, the number of incidents in these areas grew since 2019, showing a clear indication that cyberattacks are an increasing problem almost all over the world.

Which Nation Has the Most Data Centers?

According to Cloudscene, the US has the largest volume of data centers in the world. In fact, the country has over five times more data centers than the next country on the list, the United Kingdom.

America is an economic powerhouse, home to data-fueled industries and some of the biggest tech brands across the globe. It’s no surprise then, that the United States requires a sea of data centers to process applications, transfer data, and store information. This is also why it’s the no.1 country with the most data breaches. 

America dominates the “hyperscale data center” category too — these are massive facilities used by the likes of Google, Facebook, and Amazon. 39% of hyperscale data centers were located in the US in Q4 2020. The next closest country is China, which has a 10% share of all hyperscale data centers.

Threat Categories Around the World

Checkpoint’s data gives us a glimpse into the leading malware categories for each region.

Generally, Asia-Pacific is the region with the most data breaches and malware attacks. Surprisingly, the Americas seem to have the lowest numbers across all categories when it comes to malicious hacks. However, this could be because Latin America isn’t as much of a target as North America, evening out the median for these statistics.

Botnet is the leading malware category, with 30% of APAC companies suffering a botnet attack in 2020. The results are consistent across all regions: botnet is the most prevalent malware, followed by cryptominers, infostealers, mobile, banking, and ransomware.

Data Breach Cost by Region

Data breaches vary in cost across different regions. Globally, they amount to an average of  $4.24 million, but it’s much lower than most countries endure on a yearly basis. The US suffers the biggest cyberattacks and therefore tops the list with over $9 million in related costs. Even though the Middle East faces lower costs, it still needs to fork out more than $6 million. Canada, Germany, Japan, France, and the UK all pay above the global average too.

Data protection legislation has a part to play. GDPR and the Federal Trade Commission are known to dish out some of the strictest punishments, and it’s no surprise to see the United States and a host of European countries with the highest stats in this category.

However, there are more factors to consider. Data breach cost is heavily influenced by the severity of the data breach: the number of records leaked, the number of people affected, and the length of downtime.

Data Protection Around the World

Europe leads the world with its data protection laws, known as GDPR. GDPR is one of the toughest privacy and security laws in the whole world, protecting user data of all kinds. The legislation covers all European Union countries, including the UK, France, Germany, Belgium, Italy, Poland, and Spain. However, any country with users within the EU still has to abide by GDPR if they want to serve that population, regardless of where it operates from. 

Africa has the second-highest number of countries with data protection laws. Leaders are recognizing the importance of data protection and recent amendments to local laws allowed Africa to align its practices with global standards. The Americas, Asia Pacific, the Arab States, and the Commonwealth of Independent States follow the regions closely on the list.

The rise in cybercrime felt during the COVID-19 pandemic stimulated a greater adoption of data privacy regulations around the world. 133 nations registered data protection laws in 2020 and a further 15 are drafting new legislation as we speak. Sadly, 46 nations still don’t have data protection legislation in place.

Where Are Hackers From?

Akamai has the most recent study into the origins of cyberattack traffic. The results of the study are to be expected: China dominates the hacking landscape with 41% of all hacking activity.

The United States and Russia also feature high on the list. However, there are a couple of unexpected additions. Turkey features third in Akamai’s study with 4.7% of the world’s hacking activity. Meanwhile, Taiwan and Romania are two smaller nations that many may not have anticipated making it into the top ten.

Cybersecurity Staffing Gap by Nation

Some nations are suffering from the cybersecurity staffing shortage more than others. The likes of Canada, Australia, and the UK have smaller cybersecurity workforce gaps than other nations. Still, the deficits in these countries still represent a significant total. Overall, Mexico, Japan, Germany, and Brazil are in desperate need of talent to bolster their cybersecurity teams.

Possibly the most surprising of all, the United States is faced with the biggest cybersecurity workforce gap. Almost 880,000 cybersecurity professionals are still not enough to fight the high levels of cybercrime throughout the country, with more than 350,000 additional cybersecurity employees required to bridge the personnel gap.

Cybersecurity Staffing Gap by Region

So, which regions are desperate for cybersecurity professionals?

Despite problems in the US, North America is in a better shape than Latin America and Asia-Pacific. Two-thirds of the global demand for cybersecurity staff comes from organizations in the APAC region — a staff shortage of over 2 million. That’s millions of positions still waiting to be filled by skilled professionals who don’t yet exist. 

Altogether, there are 3.12 million open cybersecurity positions in organizations across the world. The total has been slightly decreasing in recent years, falling from a global workforce gap of 4.07 million in 2019. However, the world is still in a desperate need for cybersecurity specialists and this is not likely to change for some time.

The Source of Spam

If we all have to deal with phishing messages, it helps to know where they’re coming from.

Kaspersky found that Russia is the king of spam. While a large portion of phishing messages originate in China, Germany, and the US, Russia sends more spam than anyone else, accounting for 22.47% of malicious messages. At the other end, Brasil generates the least phishing emails — less than 5% of all spam messages seem to originate from there.

GDPR Hot Zones

Which European jurisdictions are enforcing the General Data Protection Regulation (GDPR) rule with sanctions? 

Italy is currently leading the way with nearly €80 million of GDPR fines. Germany isn’t far behind—one of the hotspots for data leaks and cybercrime throughout the EU. Elsewhere, France, the UK, and Spain have all issued large totals of fines.

That being said, EU nations have been criticized for failing to enforce GDPR with significant punishments. That may be about to change: Luxembourg recently fined Amazon a record €746 million for multiple breaches of GDPR. Should Amazon fail with its appeal, Luxembourg’s fine could go down as one of the largest data protection sanctions of all time.

Who’s Investing in the Cybersecurity Arms Race?

A “cybersecurity arms race” is taking place in major economies, such as the US, China, Russia, and the EU. Countries are boosting their spending on cybersecurity, and Russia is leading the charts with a 200% increase. Why? Because governments are realizing the importance of cyber defense, and they’re building their own arsenal of deterrents amidst rising tensions. People are calling the spate of recent nation-state attacks a “cyberwar”.

It’s clear that hacking and cyberattacks are an ever-growing threat to international security. According to HP, 70% of security experts believe a “cyber-treaty” is needed between states to stop things from getting out of hand. Unfortunately, 30% of them don’t think that such an agreement will ever come to fruition. What’s your take on that — do you think countries can cooperate to combat cybercrime?

This was Part 3 of our Hacking the World series. 

Read on for Part 4: The Cost & Future of Hacking (Plus: Safety Tips)

Or check out Part 1: Hacking Basics and Part 2: What’s Being Hacked (And What Changed with Covid).