10 Cybersecurity Stats You Need to Know for 2020
Cybersecurity Stats, April 2020 update:
Because of the COVID-19 outbreak, we’ve seen a sharp rise in the number and severity of cyberattacks from criminals looking to take advantage of people’s fears and anxieties regarding the pandemic.
These are consistently being perpetrated via the use of phishing, a technique that involves tricking unsuspecting users into handing over sensitive information, such as their Social Security, bank information, or work login.
To read more about how criminals are fooling users, take a look at our blog post about how hackers are using Microsoft Sway to create convincing landing pages that would catch out even the most astute of us.
Attacks like these are unfortunately just the tip of the iceberg, as you’ll see with the following cybersecurity stats. It’s crucial that SMBs in particular remain vigilant to the dangers of cyberattacks and take every measure to ensure they don’t become a victim.
Related Post: Coronavirus Scams: Q&A With Impact’s Director of MIT Security Services
Cybersecurity Stats You Must Know for 2020
You might be familiar with cyberattacks being a news item every now and then when a large corporation is targeted.
You might hear about 100s of millions of accounts being compromised or large amounts of money being stolen in a standalone attack.
The real worry and growing concern, however, is for SMBs, which are increasingly finding themselves under frequent threat of attack as methods of hacking become more sophisticated.
Nearly half of all cyberattacks target SMBs, a number which is expected to increase.
Considering that 99.7% of all businesses in the US are SMBs (defined as having 500 or fewer employees), business leaders are concerned about the impact these attacks could have on them.
For many, it’s a matter of when, not if, and without the right tools at your disposal, you may well be setting yourself up for a disaster down the road.
Here’s our list of 10 cybersecurity stats that will get you thinking seriously about protecting your business from modern cyber threats:
1. 90% of Remote Code Execution Attacks Are Associated With Crypto-mining
A remote code execution (RCE) attack allows the attacker having the ability to have complete remote access to the victim’s device.
Wherein they can execute malicious programs and assume total control of the compromised system.
During an RCE attack, a request will be sent to an external location to download malware onto the device.
The recent trend has seen crypto-mining become the dominant malware of choice in these attacks.
Crypto-mining is a perfectly legitimate process used to earn crypto-currency such as Bitcoin.
It also requires enormous amounts of hardware power to be successful at it.
To this end, cyber criminals use malware to infect huge numbers of devices to do the work for them.
Well over half a billion people are estimated to have been affected by these attacks.
2. 94% of Malware Is Delivered by Email
Email is by far the most dominant vehicle for cyberattacks.
It is an unfortunate reality that many business owners do not respect the danger posed by not securing their employees’ email servers effectively.
Having a greater understanding of encryption options regarding company-wide email use is essential.
For example, being sure that your email sessions are protected with Transport Layer Security (TLS) so valuable information can’t be intercepted.
Using a trusted web-based email service will assure you of this safeguard.
Familiarize yourself with email Data Loss Prevention (DLP), a solution that analyzes and proactively encrypts—and blocks in some cases—confidential messages to give an added wall of protection for users.
3. 56% of IT Decision Makers Say Targeted Phishing Attacks Are Their Top Security Threat
Phishing, the practice of luring people into revealing sensitive information by posing as a legitimate person or organization, continues to be a constant threat for businesses.
Usually conducted via email spamming, 76% of businesses reported being the victim of a phishing attack in 2018.
It should come as no surprise that the practice remains a chief concern of many IT departments, which often make up the backbone of a company’s tech capabilities.
For all businesses there will always be someone in a company who falls for a phishing attack.
Human error is the number one cause of data breaches from cyberattacks, with 52% of incidents directly attributable to them
Education on how to deal with suspicious emails is a must to help avoid these attacks—be wary of pop-ups; verify a website’s security; use anti-virus software; keep your browser up to date.
4. Fileless Attacks Increased 265% in Q1 & Q2 2019
Also known as a non-malware attack, fileless cyberattacks work by utilizing software already present on the victim’s device.
Fileless techniques accounted for 51% of attacks in 2019, compared to 40% in 2018
Regular malware attacks can be caught because they have to write to your disk.
Fileless attacks are stealthier, prompted by clicking a bad link or pop-up, at which point the infection begins.
Malicious scripts from the pop-up will then run on an already-installed program like PowerShell on the user’s machine and begin finding sensitive information to send to the hacker.
Fileless attacks are relatively overlooked by antivirus software as they leave little to no footprint, making it a method of choice for many cybercriminals.
Prevention techniques for phishing are applicable here too: be wary; keep your programs updated; and if necessary, you can disable apps like PowerShell in the Control Panel to be sure of safety.
5. The Average Ransomware Attack Costs a Company $5 million
When a cyberattack hits your business, it’s not just compromised data that’ll be your concern, but also the disruption to your operation.
Idleness in your organization will represent a huge cost, with $5 million being the average loss—$1.25 million from system downtime and $1.5 million from IT and end-user productivity loss being the major losses.
The cost of ransomware can be substantial to a business’ daily operations.
Downtime can often be mitigated by an effective communication structure within the company.
With the right solutions, a nimble and digitally-mature business will be we-placed to counter an attack like this before it spreads.
6. It Takes Organizations an Average of 197 Days to Identify Data Breaches
This is one of those cybersecurity stats that is should take aback any business leader: it takes well over six months on average for companies to identify a breach in their system.
It takes a further 69 days to contain that breach.
These breaches are expensive, time-consuming, and sometimes debilitating—particularly for SMBs that can hardly afford the luxury of time and blank checks to solve them.
Being prepared and able to respond quickly to an attack is absolutely key for a business.
This is where a dedicated managed security service provider (MSSP) can be vital—having a partner who can monitor the health of your system security round-the-clock and take action when needed can be the difference between a blip and meltdown.
Related Post: Why a Managed Security Service Provider (MSSP) Is Good for Your Business
7. Budgeting for Cybersecurity has increased 141% since 2010
SMBs are spending more than ever on improving their tech solutions for the sake of their security.
In previous years, federal compliance laws were the chief reason for spending increases nationwide.
For the first time, with the fear of financial penalties for data breaches looming, companies are investing in their security in an effort to prevent costly attacks on their data.
71% of US companies have experienced a breach—46% in the last 12 months.
8. 88% of Companies Spent More Than $1 Million on Preparing for GDPR
With GDPR coming into effect for EU citizens last year, US companies spent millions on preparing to abide by the new regulations around their European visitors. 88% of businesses reported spending more than $1 million to prepare.
With substantial lobbying for a US twin of GDPR and in light of California’s privacy law, CCPA, preparation for nationwide data privacy regulation is seen as a smart move for future-proofing a business.
9. 61% of Organizations Have Experienced an IoT Security Incident
Internet of Things (IoT) functionality within a business can be an important asset to a forward-thinking organization, and its effectiveness will only continue to grow.
Back In 2014, HP discovered that nearly 70% of IoT devices were vulnerable to attacks from external sources.
With 61% of businesses having security incidents with IoT devices, it’s a cyber threat that is clearly still an issue for companies in 2020.
This makes protection for IoT tech a growing concern for SMBs which are more frequently using it.
Effective preventative measures include the company system limiting the amount of data stored on IoT devices; and not allowing certain features to run until the device has been properly configured.
10. 71% of SMBs Are Not Prepared for Cybersecurity Risks
IT decision makers are overwhelming in their belief of the threats to their cybersecurity.
96% believe their organizations are susceptible to external cyberattacks and 71% say they are not prepared to cope with them.
With cyberthreats becoming an ever-present danger to SMBs, it’s no wonder that decision-makers in IT are concerned.
If there was a time to invest in a strategy to help defend and protect your organization against these threats, it’s now.
If these cybersecurity stats have made you think twice about your business security, then you’re not alone. In light of recent events, many organizations have found themselves playing catchup, trying to implement makeshift cloud solutions to make up lost ground while their workforces transition to remote work for the immediate future. Fending off cyberattacks is a challenging but necessary aspect of any modern business, and using cloud services can help create a watertight business.
To find out more about how the cloud can ensure your business is in good shape for the future, download our eBook, “Which Cloud Option Is Right For Your Business?”