Threat Actors’ Tenacity to Disrupt: Examination of Major Cybersecurity Incidents

The exponential growth in the interconnectedness of people and devices, as well as the upward trend in cyberspace usage, will continue to lead to a greater reliance on the internet. Most people’s daily activities are dependent on their ability to navigate the internet to access and manage...


Bibliographic Details
Main Authors: Olufunsho I. Falowo, Saheed Popoola, Josette Riep, Victor A. Adewopo, Jacob Koch
Format: Article
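Language: English
Published: IEEE 2022-01-01
Series: IEEE Access
Subjects: Data breach; DoS attacks; DDoS attacks; exploits of unpatched vulnerabilities; IoT attacks; major cybersecurity incidents
Online Access: https://ieeexplore.ieee.org/document/9998178/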
author Olufunsho I. Falowo
Saheed Popoola
Josette Riep
Victor A. Adewopo
Jacob Koch
collection DOAJ
description The exponential growth in the interconnectedness of people and devices, as well as the upward trend in cyberspace usage, will continue to lead to a greater reliance on the internet. Most people’s daily activities are dependent on their ability to navigate the internet to access and manage information. There are usually real risks associated with managing or accessing information, and these risks, when exploited by threat actors, often lead to cybersecurity incidents. It is common knowledge that a major cybersecurity incident is likely to result in significant financial losses, legal liability, privacy violations, reputational damage, sensitive data compromises, as well as national security implications. Threat actors usually employ various attack techniques to cause these incidents. After we identified the major cybersecurity incident report that is consolidated by the Center for Strategic & International Studies (CSIS) from which we derived the data of about the 803 major incidents that we analyzed, we then verified its (CSIS) credibility, non-partisanship, global outreach and cybersecurity attack coverage by cross-referencing it with the Data Breach Investigation Report (DBIR). We also ensured, through the lens of the Global Cybersecurity Index (GCI), that this study is conducted within the context of cybersecurity principles. In reference to these attack techniques employed by threat actors, we conducted an exploratory investigation of 803 major cybersecurity incidents that were reported over the last decade. From a group of 244 of these major security incidents that happened and were reported between 2005 and 2021, this study reports that malware attack techniques were employed by threat actors to cause 48 percent of them and phishing attack techniques account for 19.7 percent of them. As many sources have confirmed the fact that major incidents will always happen, we echo the importance of readiness of organizations to conduct cybersecurity incident triage and/or thorough investigation as necessary. Given the relevance of the guidelines outlined in the National Institute of Standards and Technology (NIST) incident response framework, we also recommend that organizations adopt it or at least embrace similar guidelines as best as possible.
first_indexed 2024-04-11T04:19:49Z
format Article
id doaj.art-a9ec4f8cbabf477084e0720e5d8b3baa
institution Directory Open Access Journal
issn 2169-3536
language English
last_indexed 2024-04-11T04:19:49Z
publishDate 2022-01-01
publisher IEEE
record_format Article
series IEEE Access
spelling doaj.art-a9ec4f8cbabf477084e0720e5d8b3baa | 2022-12-31T00:01:25Z | eng | IEEE | IEEE Access | 2169-3536 | 2022-01-01 | 10 | 134038 | 134051 | 10.1109/ACCESS.2022.3231847 | 9998178
Threat Actors’ Tenacity to Disrupt: Examination of Major Cybersecurity Incidents
Olufunsho I. Falowo (0), https://orcid.org/0000-0002-4460-0986
Saheed Popoola (1), https://orcid.org/0000-0002-9602-6322
Josette Riep (2)
Victor A. Adewopo (3), https://orcid.org/0000-0002-1700-5241
Jacob Koch (4)
Affiliation (each of the five authors): School of Information Technology, University of Cincinnati, Cincinnati, OH, USA
https://ieeexplore.ieee.org/document/9998178/
Data breach; DoS attacks; DDoS attacks; exploits of unpatched vulnerabilities; IoT attacks; major cybersecurity incidents
title Threat Actors’ Tenacity to Disrupt: Examination of Major Cybersecurity Incidents
topic Data breach
DoS attacks
DDoS attacks
exploits of unpatched vulnerabilities
IoT attacks
major cybersecurity incidents
url https://ieeexplore.ieee.org/document/9998178/