The late Senator John McCain once shared a quip that underpins why charitable or civically minded people are reliable for even more assistance when needed—those who do more do more. And there’s a good chance you’ve run into the darker probability that haters will hate, now immortalized by Taylor Swift. Both truisms get at one of the most reliable aspects of human quirkiness—we tend to be creatures of habit.

For those in the cyber resilience realm, that pattern is playing out exactly as predicted this year. Hackers are hacking, thieves are thieving and ransomers are—you guessed it—ransoming. In other words, cybercrime, the growth industry, is indeed growing.

As we reach the year’s halfway point, let’s look at some of the most significant attacks so far this year:

• Blockchain schmockchain: Cryptocurrency exchange Crypto.com’s two-factor-identification (2FA) system was compromised as thieves made off with approximately $30 million.
• Still the one they run to…: Microsoft’s ubiquity makes it a constant target. Earlier this year, the hacking collective Lapsus$ compromised Cortana and Bing, among other Microsoft products, posting source code online.
• Not necessarily the news: News Corp. journalist emails and documents were accessed at properties including the Wall Street Journal, Dow Jones and the New York Post in a hack tied to China.
• Uncharitable ways: The Red Cross was the target of an attack earlier this year, with more than half a million “highly vulnerable” records of Red Cross assistance recipients compromised.
• Victim of success: North Korea’s Lazarus Group made off with $600 million in cryptocurrencies after blockchain gaming platform Ronin relaxed some of its security protocols so its servers could better handle its growing popularity.
• We can hear you now: State-sponsored hackers in China have breached global telecom powerhouses worldwide this year, according to the U.S. Cybersecurity & Infrastructure Security Agency.
• Politics, the art of the possible: Christian crowdfunding site GiveSendGo was breached twice this year as hacktivists exposed the records of donors to Canada’s Freedom Convoy.
• Disgruntled revenge: Businesspeople everywhere were reminded of the risks associated with departing personnel when fintech powerhouse Block announced that a former employee accessed sensitive customer information, impacting eight million customers.
• Unhealthy habits: Two million sensitive customer records were exposed when hackers breached Shields Health Care’s network.
• They even stole the rewards points: General Motors revealed that hackers used a credentials stuffing attack to access personal information on an undisclosed number of car owners. They even stole gift-card-redeemable customer reward points.

The tip of the iceberg

For every breach or attack that generates headlines, millions of others that we never hear about put businesses at risk regularly. The Anti-Phishing Working Group just released data for the first quarter of this year, and the trend isn’t good. Recorded phishing attacks are at an all-time high (more than a million in just the first quarter) and were accelerating as the quarter closed, with March 2022 setting a new record for single-month attacks.

The takeaway from this activity is to help your clients connect two vital dots:

1. The world’s biggest, most secure and best-funded organizations cannot keep the bad guys at bay. A layered cyber resilience strategy that aims to keep the crooks out while also preparing to recover if they get in anyway is the only reliable method of defending a company in today’s threat landscape.
2. Most attacks are on SMBs, just like them, that never make headlines but are costly in terms of money, reputation, customers and, sometimes, their very existence. Inaction is not an option.