Business

There is quite a lot of statistics giving not just alarming but truly intimidating figures from global cybersecurity battlefield. For too many businesses it is not about winning, it’s about survival. See the figures and make your conclusions:

1. New hacker attack happens every 39 seconds

According to a Clark School study held at the University of Maryland there occur hacker attacks of computers with Internet access every 39 seconds on average. This alone should be a sufficient reason for making secure logins and passwords to be taken seriously.

2. Small businesses became target of nearly every second attack

According to study by Symantec, 43% of all cyberattacks are launched against small businesses. Of those small businesses 64% have experienced web-based attacks, 62% underwent phishing & social engineering attacks and 51% experienced denial of service attacks.

To understand why this is a problem, learn the figure below:

3. 60% of those hacked small businesses go out of business within six months

Once again. According to study by Fundera, 60% of small businesses which were subjected to cybercrimes, go out of business due to attack consequences: customers’ data loss, financial data corruption, litigations etc. Kill ratio too high to be ignored, don’t you think so? Why it happens, you will understand from the stats below:

4. Global average cost of a data breach for SMB is 3.4 million

This figure by Varonis explains why successful cyberattacks against SMB are so lethal. 3.5 million is too much for vast majority of SMBs. Even if company copes with financial damages, every cyberattack is not just about financial losses, but about reputation as well. Still, that’s almost nothing compared to possible outcomes for publicly traded companies, which should beware infinitely more.

5. Global average cost of a data breach for public company is 100 million

According to a report by Audit Analytics, the average cost a data breach for a publicly-traded company will reach or even surpass 100 million. A hundred million euros. That’s near the total annual revenue which makes it reasonable for a business to go public. Once again: a hundred million euros of damages. Enjoy and indulge in memories of how you screwed your cybersecurity system.

5. Year 2020 brought about a 300% increase in reported cybercrimes

People sit at home, spend more money online and, most importantly heavily rely on remote collaboration and communication tools. Convenience for businesses which turned Bonanza for cybercriminals. 300% increase in cybercrimes since March 2020 reported by FBI might be a shocking indicator, but we will easily make it even more shocking. These are REPORTED cybercrimes. So, actual growth might very well have been even higher. Why so? It’s because:

6. On average 6 months pass before data breach is detected, even in major companies

Even such giants like Capital One or Facebook were subjected to successful cybersecurity breaches, which were discovered long after users’ passwords, credit card details and other sensitive data had been compromised. And this is despite the fact, that funds spent on cybersecurity globally have long ago reached astronomical values:

7. Near $900 billion will be spent globally on cybersecurity by 2021

According to recent Cybersecurity Ventures report, organizations and businesses globally make fundamental changes in their approach to cybersecurity and reprioritize budgets to align with new realities. And still the total cost of cybercrimes is expected to be times higher:

8. Global cost of cybersecurity crimes will surpass 5,25 trillion by 2021

According to the same above report by Cybersecurity Ventures, global business and economy will sustain near 5,5 trillion of damages in 2021 because of cybercrimes. Again, why these truly enormous expenses on cybersecurity do not stop these staggering cybersecurity losses? Why? That’s because:

9. 95% of cybersecurity breaches occur through human error

Criminals and hackers will infiltrate your company’s IT infrastructure or data through your weakest link which is your employees! (not an IT or security team, btw). Good on-board security team, or outsourced one (which is even better, says MSSP) will dramatically improve chances for successful cybersecurity protection. But if you have neither, at least you need a good Cyber Security Incident Response plan to minimize incident losses. Still…

10. 77% of organizations do NOT have a Cyber Security Incident Response plan

Really, why should you need it… You will never be hacked, because Americans never landed on the Moon and the Earth is flat and all hackers, if there are any, will fall over its edge, sooner or later. Still, if you do not want to wait for this cybercrime incident, order a Plan from us, as a bonus to an affordable package of managed security services.

This year hackers got brand new opportunity to get richer based on Covid-19 hype. McAfee detects more and more criminal attempts to exploit current events. This is why organizations and business have to be on aware and understand what new attack methods are used by cybercriminals in Covid-19 world.

Phishing letters now became the best tool for cybercriminals. Amount of such a content has considerably grown over the past few months. Users get faked letters as if from World Health Organization about sales of masks and medications, coronavirus tests and other medical merchandise (subject of such a message would usually be the most relevant for the addressee from specific region).

Phishing letters either contain links to sites with malicious content or to the documents with exploits or malicious macros. The goal of these activities is to get malicious code to the workstation with the purpose of stealing user or payment data. Hackers also try to lure the victim to a faked web resource with such phishing letters.

Criminal web site would imitate appearance of the bank site or payment system where users are offered to enter personal data. Crypto extorter, cyphering the victim PC, deleting shadow file copies and demanding ransom is one more variant of malicious software. It is well known, that today most attacks are conducted not by humans but by autonomous software solutions, collecting information about victims from different sources and sending phishing letter automatically. Information needed for such attacks is often collected from social networks and other open sources, which demands practically no efforts from criminals. For instance, in user files metadata, which are often in open access, there can be found email addresses, IP-addresses, OS versions etc.

This is a very often occasion when hackers us previously stolen user databases to launch attacks. Criminals may deploy any new attack within just several hours, based on social engineering techniques and emotions of potential victims. The best defense from such attack is awareness and informing company employees of cybercriminal methods.