If you looked up the term "mixed bag" in the dictionary, the Cyber Incident & Breach Trends Report might be the first thing you see.
The Internet Society's Online Trust Alliance (OTA) just released its report for 2018, and the conclusions are... varied.
While the number of overall breaches and exposed records was down, other areas, such as financial impact, increased significantly.
And according to Jeff Wilbur, Technical Director of the OTA, "the findings of our report are grim. Cyber criminals are becoming more skilled at profiting from their attacks."
What's the size of the cybercrime problem?
When Wilbur said "grim," he really meant it.
From ransomware alone, the OTA recorded $8 billion in losses. But that's only a fraction of the picture.
"The data shows that cybercriminals are getting better at monetizing their activities, with OTA estimating the more than 2 million cyber incidents in 2018 resulted in over $45 billion in losses, with the actual numbers expected to be much higher as many cyber incidents are never reported."
Numbers that high hurt more when you learn that 95% of the breaches could have been prevented, according to the OTA.
Which cybercrimes are growing?
Despite the decrease in breaches and exposed records, different incidents actually increased in 2018.
"The financial impact of ransomware rose by 60%, losses from business email compromise doubled, and cryptojacking incidents more than tripled."
Though not new, supply-chain attacks and issues with cloud computing continued to devastate.
The OTA also recorded a rise in ransomware attacks against state and local governments and credential stuffing, an attack that emerged only recently.
And none of that scratches the surface of ransomware. The simultaneous decrease in attacks and increase in financial losses shows us that the hackers might be getting better at their jobs.
Determining the overall impact
It is actually hard to use the 2018 Cyber Incident & Breach Trends Report to paint a complete picture of cybercrime in 2018.
And the Online Trust Alliance knows this:
"It is difficult to get a complete, accurate picture of the overall cyber incident landscape.
Much like putting together a jigsaw puzzle with only a handful of key pieces, it is possible to get a sense of the overall picture, but many of the details are missing.
In tracking cyber incidents, many key data 'pieces' exist, but are limited for a variety of reasons—they often represent only one vendor’s view of their user base, they are typically regional and not global, it is easier to measure attacks than measure which are successful, there is a lack of consolidated reporting mechanisms, and finally, it is still the case that most incidents go unreported."
Once again, the 2018 report is a mixed bag. And according to the OTA, it's a mixed bag of semi-complete puzzle pieces.
Read the Cyber Incident & Breach Trends Report for yourself.