Casualties and Damages of Global Cybersecurity War or Some Examples of Astronomical Values

There is quite a lot of statistics giving not just alarming but truly intimidating figures from global cybersecurity battlefield. For too many businesses it is not about winning, it’s about survival. See the figures and make your conclusions:

1. New hacker attack happens every 39 seconds

According to a Clark School study held at the University of Maryland there occur hacker attacks of computers with Internet access every 39 seconds on average. This alone should be a sufficient reason for making secure logins and passwords to be taken seriously.

2. Small businesses became target of nearly every second attack

According to study by Symantec, 43% of all cyberattacks are launched against small businesses. Of those small businesses 64% have experienced web-based attacks, 62% underwent phishing & social engineering attacks and 51% experienced denial of service attacks.

To understand why this is a problem, learn the figure below:

3. 60% of those hacked small businesses go out of business within six months

Once again. According to study by Fundera, 60% of small businesses which were subjected to cybercrimes, go out of business due to attack consequences: customers’ data loss, financial data corruption, litigations etc. Kill ratio too high to be ignored, don’t you think so? Why it happens, you will understand from the stats below…

4. Global average cost of a data breach for SMB is 3.4 million

This figure by Varonis explains why successful cyberattacks against SMB are so lethal. 3.5 million is too much for vast majority of SMBs. Even if company copes with financial damages, every cyberattack is not just about financial losses, but about reputation as well. Still, that’s almost nothing compared to possible outcomes for publicly traded companies, which should beware infinitely more…

5. Global average cost of a data breach for public company is 100 million

According to a report by Audit Analytics, the average cost a data breach for a publicly-traded company will reach or even surpass 100 million. A hundred million euros. That’s near the total annual revenue which makes it reasonable for a business to go public. Once again: a hundred million euros of damages. Enjoy and indulge in memories of how you screwed your cybersecurity system.

5. Year 2020 brought about a 300% increase in reported cybercrimes

People sit at home, spend more money online and, most importantly heavily rely on remote collaboration and communication tools. Convenience for businesses which turned Bonanza for cybercriminals. 300% increase in cybercrimes since March 2020 reported by FBI might be a shocking indicator, but we will easily make it even more shocking. These are REPORTED cybercrimes. So, actual growth might very well have been even higher. Why so? It’s because:

6. On average 6 months pass before data breach is detected, even in major companies

Even such giants like Capital One or Facebook were subjected to successful cybersecurity breaches, which were discovered long after users’ passwords, credit card details and other sensitive data had been compromised. And this is despite the fact, that funds spent on cybersecurity globally have long ago reached astronomical values:

7. Near $900 billion will be spent globally on cybersecurity by 2021

According to recent Cybersecurity Ventures report, organizations and businesses globally make fundamental changes in their approach to cybersecurity and reprioritize budgets to align with new realities. And still the total cost of cybercrimes is expected to be times higher:

8. Global cost of cybersecurity crimes will surpass 5,25 trillion by 2021

According to the same above report by Cybersecurity Ventures, global business and economy will sustain near 5,5 trillion of damages in 2021 because of cybercrimes. Again, why these truly enormous expenses on cybersecurity do not stop these staggering cybersecurity losses? Why? That’s because…

9. 95% of cybersecurity breaches occur through human error

Criminals and hackers will infiltrate your company’s IT infrastructure or data through your weakest link which is your employees! (not an IT or security team, btw). Good on-board security team, or outsourced one (which is even better, says MSSP) will dramatically improve chances for successful cybersecurity protection. But if you have neither, at least you need a good Cyber Security Incident Response plan to minimize incident losses. Still…

10. 77% of organizations do NOT have a Cyber Security Incident Response plan

Really, why should you need it… You will never be hacked, because Americans never landed on the Moon and the Earth is flat and all hackers, if there are any, will fall over its edge, sooner or later… Still, if you do not want to wait for this cybercrime incident, order a Plan from us, as a bonus to an affordable package of managed security services.


New Security Realities of COVID-19 World

This year hackers got brand new opportunity to get richer based on Covid-19 hype. McAfee detects more and more criminal attempts to exploit current events. This is why organizations and business have to be on aware and understand what new attack methods are used by cybercriminals in Covid-19 world.

Phishing letters now became the best tool for cybercriminals. Amount of such a content has considerably grown over the past few months. Users get faked letters as if from World Health Organization about sales of masks and medications, coronavirus tests and other medical merchandise (subject of such a message would usually be the most relevant for the addressee from specific region).

Phishing letters either contain links to sites with malicious content or to the documents with exploits or malicious macros. The goal of these activities is to get malicious code to the workstation with the purpose of stealing user or payment data. Hackers also try to lure the victim to a faked web resource with such phishing letters.

Criminal web site would imitate appearance of the bank site or payment system where users are offered to enter personal data. Crypto extorter, cyphering the victim PC, deleting shadow file copies and demanding ransom is one more variant of malicious software. It is well known, that today most attacks are conducted not by humans but by autonomous software solutions, collecting information about victims from different sources and sending phishing letter automatically. Information needed for such attacks is often collected from social networks and other open sources, which demands practically no efforts from criminals. For instance, in user files metadata, which are often in open access, there can be found email addresses, IP-addresses, OS versions etc.

This is a very often occasion when hackers us previously stolen user databases to launch attacks. Criminals may deploy any new attack within just several hours, based on social engineering techniques and emotions of potential victims. The best defense from such attack is awareness and informing company employees of cybercriminal methods.


How to Create Safe Passwords

Creating good and reliable passwords is quite a difficult task for many. It becomes especially intimidating when you start considering unique password for each site you visit. Tens of unique passwords like [email protected]! will make anyone feel a bit perplexed and gloomy.

A typical response to this problem will be simple and insecure.  A user will use one password for all services and resources, or will create several equally simple (to remember) and unreliable passwords. Or there will be some sticker with passwords brightly hidden beneath the keyboard.

Looks like there is a collision between strong passwords you can not remember and weak passwords you can remember but can not use if you want to avoid unauthorized access to your data.  First let’s see what is a strong (and weak) password.

Strong vs Weak Password

A strong password will have sufficient length, use various upper and lower case letters with numbers and symbols. It will not contain dictionary words or ties to your personal information.

Passwords like MyPassword1 might look ok considering above advise but they are not. Word password and any other dictionary word is not a good idea for password.

Anna1989:& does contain upper and lower case, as well as numbers and symbols, but it seriously flawed. Name and year of birth can be easily discovered from open sources and they will be, in case a hacker needs your data.

C0ntekst* is a bit more secure, as it has letter o substituted for number 0, and there is a deliberate error in spelling. Yet, it’s too short unfortunately. It will not take too much time for code-breaking software to guess it.

What shall I do?

Luckily, there are several easy to use and efficient tricks you can use to create strong password which will not force you enroll for memory improvement trainings.

Phrases with Personally Valuable Information

Think of something you are unlikely to forget and build a password on its basis. The2o12’sTripT0Pariswas0key is not that difficult to remember but is truly difficult to crack.

Acronyms or shortcut codes

EksEksEksElIz0key4MaiFriend – XXXL is ok for my friend. Spelling errors, numbers instead of letters and words, easy to recall information. Good example, still you can easily make it even better. Just think about using…

Smileys

Let’s take our example based on our friend’s anthropometry and add some emotion: EksEksEksElIz0key4MaiFriend:-). It’s always good to have a big friend. One of the benefits is when you are glad it makes your passwords even stronger and you will not forget in what way 🙂

Surely, there are many more efficient techniques to build strong passwords. But you don’t have to use them all to make your passwords strong and easy to remember. Just master those listed above and always remember: mix numbers and letters, upper and lower cases, add symbols, make errors and KEEP THEM LONG!