10 Cybersecurity Stats You Need to Know for 2019
Being Able to Defend Your Business From Attacks Is More Important Than Ever
You might be familiar with cyberattacks being a news item every now and then when a large corporation is targeted. You might hear about 100s of millions of accounts being compromised or large amounts of money being stolen in a standalone attack.
The real worry and growing concern, however, is for SMBs, which are increasingly finding themselves under frequent threat of attack as methods of hacking become more sophisticated. Nearly half of all cyberattacks target SMBs, a number which is expected to increase.
Considering that 99.7% of all businesses in the US are SMBs (defined as having 500 or fewer employees), cybersecurity will be at the top of the agenda for business executives for the years to come.
Here’s our list of 10 cybersecurity facts that will get you thinking seriously about protecting your business from modern cyber threats:
1. 90% of Remote Code Execution Attacks Are Associated With Crypto-mining
A remote code execution (RCE) attack involves the attacker having the ability to have complete remote access to the victim’s device. Wherein they can execute malicious programs and assume total control of the compromised system. During an RCE attack, a request will be sent to an external location to download malware onto the device.
The recent trend has seen crypto-mining become the dominant malware of choice in these attacks. Crypto-mining is a perfectly legitimate process used to earn crypto-currency such as Bitcoin. It also requires enormous amounts of hardware power to be successful at it. To this end, cyber criminals use malware to infect huge numbers of devices to do the work for them—well over half a billion people are estimated to have been affected by these attacks.
2. 92% of Malware Is Delivered by Email
Email is by far the most dominant vehicle for cyberattacks. Malware delivered through webpages comes second with 6.5%. It is an unfortunate reality that many business owners do not respect the danger posed by not securing their employees’ email servers effectively.
Having a greater understanding of encryption options regarding company-wide email use is essential. For example, being sure that your email sessions are protected with Transport Layer Security (TLS) so valuable information can’t be intercepted. Using a trusted web-based email service will assure you of this safeguard. Familiarize yourself with email Data Loss Prevention (DLP), a solution that analyzes and proactively encrypts—and blocks in some cases—confidential messages to give an added wall of protection for users.
3. 56% of IT Decision Makers Say Targeted Phishing Attacks Are Their Top Security Threat
Phishing, the practice of luring people into revealing sensitive information by posing as a legitimate person or organization, continues to be a constant threat for businesses. Usually conducted via email spamming, 76% of businesses reported being the victim of a phishing attack in 2018.
It should come as no surprise that the practice remains a chief concern of many IT departments, which often make up the backbone of a company’s tech capabilities. For all businesses there will always be someone in a company who falls for a phishing attack. Education on how to deal with suspicious emails is a must to help avoid these attacks—be wary of pop-ups; verify a website’s security; use anti-virus software; keep your browser up to date.
4. Fileless Attacks Rose by 94% in 2018
Also known as a non-malware attack, fileless cyberattacks work by utilizing software already present on the victim’s device. Regular malware attacks can be caught because they have to write to your disk. Fileless attacks are stealthier, prompted by clicking a bad link or pop-up, at which point the infection begins. Malicious scripts from the pop-up will then run on an already-installed program like PowerShell on the user’s machine and begin finding sensitive information to send to the hacker.
Fileless attacks are relatively overlooked by antivirus software as they leave little to no footprint, making it a method of choice for many cybercriminals. Prevention techniques for phishing are applicable here too: be wary; keep your programs updated; and if necessary, you can disable apps like PowerShell in the Control Panel to be sure of safety.
5. The Average Ransomware Attack Costs a Company $5 million
When a cyberattack hits your business, it’s not just compromised data that’ll be your concern, but also the disruption to your operation. Idleness in your organization will represent a huge cost, with $5 million being the average loss—$1.25 million from system downtime and $1.5 million from IT and end-user productivity loss being the major losses.
The cost of ransomware can be substantial to a business’ daily operations. Downtime can often be mitigated by an effective communication structure within the company. With the right solutions, a nimble and digitally-mature business will be we-placed to counter an attack like this before it spreads.
6. It Takes Organizations an Average of 197 Days to Identify Data Breaches
You might be surprised to learn that it takes well over six months on average for companies to identify a breach in their system. It takes a further 69 days to contain that breach. These breaches are expensive, time-consuming, and sometimes debilitating—particularly for SMBs that can hardly afford the luxury of time and blank checks to solve them.
Being prepared and able to respond quickly to an attack is absolutely key for a business. This is where a dedicated managed service provider (MSP) like Impact can be vital—having a partner who can monitor the health of your system security round-the-clock and take action when needed can be the difference between a blip and meltdown.
7. 86% of US Businesses Have Increased Their Spending on IT Security
SMBs are spending more than ever on improving their tech solutions for the sake of their security. In previous years, federal compliance laws were the chief reason for spending increases nationwide.
For the first time, with the fear of financial penalties for data breaches looming, companies are investing in their security in an effort to prevent costly attacks on their data. This is in the wake of the news that successful breaches reached an all-time high, with 71% of US companies having now experienced a breach—46% in the last 12 months.
8. 88% of Companies Spent More Than $1 Million on Preparing for GDPR
With GDPR coming into effect for EU citizens last year, US companies spent millions on preparing to abide by the new regulations around their European visitors. 88% of businesses reported spending more than $1 million to prepare.
With substantial lobbying for a US twin of GDPR and in light of California’s privacy law, CCPA, preparation for nationwide data privacy regulation is seen as a smart move for future-proofing a business.
9. 61% of Organizations Have Experienced an IoT Security Incident
Internet of Things (IoT) functionality within a business can be an important asset to a forward-thinking organization, and its effectiveness will only continue to grow. Back In 2014, HP discovered that nearly 70% of IoT devices were vulnerable to attacks from external sources.
With 61% of businesses having security incidents with IoT devices, it’s a cyber threat that is clearly still an issue for companies in 2019. This makes protection for IoT tech a growing concern for SMBs which are more frequently using it. Effective preventative measures include the company system limiting the amount of data stored on IoT devices; and not allowing certain features to run until the device has been properly configured.
10. 71% of SMBs Are Not Prepared for Cybersecurity Risks
IT decision makers are overwhelming in their belief of the threats to their cybersecurity. 96% believe their organizations are susceptible to external cyberattacks and 71% say they are not prepared to cope with them.
With cyberthreats becoming an ever-present danger to SMBs, it’s no wonder that decision-makers in IT are concerned. If there was a time to invest in a strategy to help defend and protect your organization against these threats, it’s now.
Want to Learn More?
For more information on cybersecurity, download our white paper on the Top Security Trends for Small to Midsize Businesses: http://go.impactmybiz.com/OptimizeWhitePaper.html
Imapct’s CompleteCare program provides vital cybersecurity protection for clients, keeping their minds at ease in the knowledge that their IT infrastructure is being monitored and maintained by our cybersecurity experts. Learn more about Impact’s offerings here.