If you have not done so already, it is time to take a serious look at your practices and your system security. Continuously hardening your network environments and personal systems, and educating yourself about ways to keep yourself off the “victim of cybercrime” list, is very much worth the effort.

Why? Well, we reviewed the 2019 cyberspace breach statistics, and if you were not convinced before, read on. The stats are increasingly alarming. If not through an attack to influence some major election or cripple some business operations, cybercriminals will continue to find something to attack, influence, or steal. Nevertheless, one fact is certain: we should not underestimate this growing threat.

The media generally covers the large breaches in the news but neglects to provide the masses with the real picture.  Mainstream media usually omit news about smaller enterprise attacks and breaches and rest assured, there are many of them omitted from your daily news briefings.  Depending on your usual news outlets to report and keep you “up to speed” with the state of cybersecurity (or lack thereof) in today’s environments certainly is a mistake.  If you are still on the fence about whether to take more proactive measures to protect your personal or corporate systems, below we have highlighted some facts to ponder in the hope that you might consider that proactive approach to systems security after all.

Are you worried?

As expected, the number of attacks and breaches in the cyber world is growing at a steady rate. So much so that a Gallup study (https://news.gallup.com/poll/244676/cybercrimes-remain-worrisome-americans.aspx) revealed that more Americans are worried about cybercrime than violent crimes.

  • In 2019, 71% of Americans are worried about having personal or financial information hacked, but only 24% are worried about becoming a victim of terrorism. 

And yet, just in January of 2019 alone, 1.76 billion user records were leaked.

Perhaps it IS time to worry.

Ransomware:

  • In 2019, Ransomware is expected to cost businesses and organizations $11.5 billion.

Ransomware frequency is not slowing down, either.

Microsoft Office file extensions among the most targeted:

  • According to Cisco’s 2018 Annual Cybersecurity Report, the most malicious file extensions used by email hackers were those of Microsoft Office formats. This means Word, PowerPoint, and Excel. (https://www.cisco.com/c/dam/m/hu_hu/campaigns/security-hub/pdf/acr-2018.pdf)
  • While .EXE files have historically been exploited by hackers, most email providers now commonly block them as attachments because of it. However, since Microsoft Office applications have inherent abilities to run “macros” (Microsoft’s cute term for “script”), hackers are exploiting this “feature” because it lets them run scripts (aka macros) embedded in the documents and so evade standard email security checks and antivirus programs. So, Microsoft Office has now taken the top spot as having the most malicious file extensions.
  • Cisco also reported that 38 percent of the malicious extensions are those of Microsoft Office files. Second worst are compressed files/archive formats (.ZIP and .JAR files) at 37%, while .PDF files ran third at 14 percent.
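One way a mail gateway or triage script can act on this, shown as an added example that is not from the original article or the Cisco report: classify each attachment by its content rather than its extension, and flag Office files that carry a macro part. The function names, verdict labels, quarantine policy and sample files are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
QUARANTINE = {"executable", "office-macro", "office-legacy"}  # example policy (assumption)

def classify_attachment(data: bytes) -> str:
    """Classify an attachment by its content, ignoring the claimed extension."""
    if data.startswith(b"MZ"):
        return "executable"
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data.startswith(OLE_MAGIC):
        # Legacy Office file: may hold macros; confirming needs an OLE parser.
        return "office-legacy"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "other"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "archive-unreadable"
    if "[content_types].xml" not in names:
        return "archive"  # plain .ZIP or .JAR
    # Office Open XML keeps VBA macros in a part named vbaProject.bin.
    if any(n.rsplit("/", 1)[-1] == "vbaproject.bin" for n in names):
        return "office-macro"
    return "office-no-macro"

def make_zip(members: dict) -> bytes:  # builds the constructed samples in memory
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: both .docx files look alike by name, only one has a macro part.
OOXML = {"[Content_Types].xml": "<Types/>", "word/document.xml": "<doc/>"}
SAMPLES = {
    "invoice.docx": make_zip({**OOXML, "word/vbaProject.bin": b"\x00"}),
    "report.docx": make_zip(OOXML),
    "tool.jar": make_zip({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n"}),
    "old.doc": OLE_MAGIC + b"\x00" * 16,
    "notes.pdf": b"%PDF-1.4\n",
}

def scan(samples: dict) -> dict:
    verdicts = {n: classify_attachment(d) for n, d in samples.items()}
    return {n: (v, v in QUARANTINE) for n, v in verdicts.items()}
```

Calling `scan(SAMPLES)` returns a verdict and a quarantine decision per file; the two .docx samples differ only in the presence of the macro part.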

Main Cause of Data Breaches: Malicious or Criminal Attacks

IBM did a study about causes, too.  (https://www.ibm.com/security/data-breach)

Several factors are included in the list of causes of today’s data breaches, and IBM reported the list, along with the percentages attributable to the cause of the breaches. The list is also worth committing to memory:

The main causes of data breaches:

  1. Human error (includes negligence by employees, even contractors) 27%
  2. System glitches 25%
  3. Malicious or criminal attacks (where businesses were deliberately targeted) 48%

The first on this list is Human error and/or Negligence. A little effort goes a long way here. How much is it worth to you to safeguard your personal or business information and bank accounts? Since human behavior has such a significant impact on the workplace and the state of cyber security, why not harness it? Therein lies the potential to implement some safeguards, practices, and procedures. We have urged clients to become proactive in this area for years.

A proactive approach to education, training, and policy/procedures will help to mitigate attacks and the costs associated with remedy. Implementing an appropriate security-information program is not as costly as many might assume. What’s more, educated employees who believe they may be attacked act differently toward security than those who do not yet see the light of reality. A security-information program is hands-down the best “non-insurance insurance” available.

About half (50%) of all cyber attacks target small businesses:

Hackers Use the Side Door, too

  • Smallbiztrends.com reported, “Hackers sometimes target small businesses with the goal of breaching a larger company connected to the small business. Target’s data was famously breached. But few people know that the company’s vast database was actually hacked through its HVAC vendor. … Small businesses may have access to huge amounts of data.”  (Emphasis added.) (https://smallbiztrends.com/2018/08/cybercriminals-target-small-businesses.html)

Mobile Attacks on the Rise

Email attacks

  • Phishing emails are responsible for 91% of email attacks.
  • 13.92% of malware gets delivered via email.

Do you run a business?

  • 7 of 10 businesses are not prepared to respond to a cyberattack.

Even with these ridiculous statistics on the current state of cyberthreats, and knowing that cyber attacks are growing exponentially, over 73% of businesses are underprepared to deal with one. What’s more, those same businesses would suffer significant adverse impacts as a result of a cyberattack. (https://www.inc.com/adam-levin/more-than-70-percent-of-businesses-admit-theyre-unprepared-for-a-cyberattack.html)

What to watch for in 2019:

The expected global cost of cybercrime in 2019:

If the above facts manage to produce concern in the form of a bona fide alarm, then all the better.  Knowledge is your weapon.  Remember, staying a step ahead of cybercriminals requires resistance, diligence, and effort. 

If you need help with Cybersecurity issues, give Back Office Geeks a call or email, or take a look at our Security Services offering.

by Barb Reid – Back Office Geeks  05/17/2019
