If you have not done so already, it is time to take a serious look at your practices and your system security. Continuously hardening your network environments and personal systems, as well as educating yourself about ways to keep yourself off the “victim of cybercrime” list, is very much worth the effort.
Why? Well, we reviewed the 2019 cyberspace breach statistics, and if you were not convinced before, read on. The statistics are increasingly alarming. If not through an attack to influence some major election or cripple some business operations, cybercriminals will continue to find something to attack, influence, or steal. One fact is certain: we should not underestimate this growing threat.
The media generally covers the large breaches in the news but neglects to provide the masses with the real picture. Mainstream media usually omit news about attacks and breaches at smaller enterprises, and rest assured, many of them are missing from your daily news briefings. Depending on your usual news outlets to keep you “up to speed” with the state of cybersecurity (or lack thereof) in today’s environments is certainly a mistake. If you are still on the fence about whether to take more proactive measures to protect your personal or corporate systems, below we have highlighted some facts to ponder in the hope that you might consider that proactive approach to systems security after all.
Are you worried?
As expected, the number of attacks and breaches in the cyber world is growing at a steady rate. So much so that a Gallup study (https://news.gallup.com/poll/244676/cybercrimes-remain-worrisome-americans.aspx) revealed that more Americans are worried about cybercrime than violent crimes.
- In 2019, 71% of Americans are worried about having personal or financial information hacked, but only 24% are worried about becoming a victim of terrorism.
And yet, just in January of 2019 alone, 1.76 billion user records were leaked.
Perhaps it IS time to worry.
- In 2019, Ransomware is expected to cost businesses and organizations $11.5 billion.
Ransomware frequency is not slowing down, either.
- According to a Security Boulevard study, in March 2019, Orange County of North Carolina was hit by the THIRD ransomware attack in six years, costing them $400K. (https://securityboulevard.com/2019/03/north-carolinas-orange-county-hit-by-third-ransomware-attack-in-six-years)
- As reported by CyberSecurityVentures.com, ransomware damages carry an alarming cost: “$5 billion in 2017,” expected to soar to “$11.5 billion in 2019.”
Microsoft Office file extensions among the most targeted:
- According to Cisco’s 2018 Annual Cybersecurity Report, the malicious file extensions most used by email hackers were those of Microsoft Office formats. This means Word, PowerPoint, and Excel. (https://www.cisco.com/c/dam/m/hu_hu/campaigns/security-hub/pdf/acr-2018.pdf)
- While .EXE files have historically been exploited by hackers, most email providers now commonly block them as attachments for that reason. However, since Microsoft Office applications have an inherent ability to run “macros” (Microsoft’s cute term for “script”), hackers are exploiting this “feature”: scripts (aka macros) embedded in the documents can evade standard email security checks and antivirus programs. So, Microsoft Office has now taken the top spot as having the most malicious file extensions.
- Cisco also reported that 38 percent of the malicious extensions are those of Microsoft Office files. Second worst are compressed files/archive formats (.ZIP and .JAR files) at 37 percent, while .PDF files ran third at 14 percent.
Main Cause of Data Breaches: Malicious or Criminal Attacks
IBM did a study about causes, too. (https://www.ibm.com/security/data-breach)
Several factors are included in the list of causes of today’s data breaches, and IBM reported the list, along with the percentages attributable to the cause of the breaches. The list is also worth committing to memory:
The main causes of data breaches:
- Human error (includes negligence by employees, even contractors) 27%
- System glitches 25%
- Malicious or criminal attacks (where businesses were deliberately targeted) 48%
The first on this list is human error and/or negligence. A little effort goes a long way here. How much is it worth to you to safeguard your personal or business information and bank accounts? Since human behavior has such a significant impact on the workplace and the state of cyber security, why not harness that ability? Therein lies the potential to implement some safeguards, practices, and procedures. We have urged clients to become proactive in this area for years.
A proactive approach to education, training, and policy/procedures will help to mitigate attacks and the costs associated with remedy. An appropriate security-information program is not as costly as many might assume. What’s more, educated employees who believe they may be attacked act differently toward security than those who do not yet see the light of reality. A security-information program is hands-down the best “non-insurance insurance” available.
About half (50%) of all cyber attacks target small businesses:
- The damage will be more severe for small to mid-size businesses. (https://www.inc.com/joseph-steinberg/small-businesses-beware-half-of-all-cyber-attacks-target-you.html) Additionally, hackers are aware that smaller organizations are less likely to take the measures necessary to properly safeguard systems security, and as a result, these become desirable targets.
Hackers Use the Side Door, too
- Smallbiztrends.com reported, “Hackers sometimes target small businesses with the goal of breaching a larger company connected to the small business. Target’s data was famously breached. But few people know that the company’s vast database was actually hacked through its HVAC vendor. … Small businesses may have access to huge amounts of data.” (Emphasis added.) (https://smallbiztrends.com/2018/08/cybercriminals-target-small-businesses.html)
Mobile Attacks on the Rise
- Mobile attacks via malware rose by a whopping 54%. (https://www.symantec.com/content/dam/symantec/docs/reports/istr-23-executive-summary-en.pdf)
- It does not help that only 20% of Android devices are running the newest release. Update your devices, people!
- Phishing emails are responsible for 91% of email attacks.
- 13.92% of malware gets delivered via email.
Do you run a business?
- 7 of 10 businesses are not prepared to respond to a cyberattack.
Even with the ridiculous statistics on the current state of cyberthreats, and knowing that cyber attacks are growing exponentially, over 73% of businesses are underprepared to deal with one. What’s more, those same businesses would suffer significant adverse impacts as a result of cyberattacks. (https://www.inc.com/adam-levin/more-than-70-percent-of-businesses-admit-theyre-unprepared-for-a-cyberattack.html)
What to watch for in 2019:
- Cryptojacking. This is where an attacker hijacks your CPU and uses it to mine cryptocurrencies. (Think DoS attack, except worse.) The number of cryptojacking occurrences actually quadrupled from 2017 to 2018, according to Symantec. (https://www.hiscox.co.uk/sites/uk/files/documents/2018-02/Hiscox_Cyber_Readiness_Report_2018_FINAL.PDF)
The expected global cost of cybercrime in 2019:
- The global cost of cybercrime is expected to exceed $2 trillion in 2019. (https://www.juniperresearch.com/researchstore/strategy-competition/cybercrime-security)
If the above facts manage to produce concern in the form of a bona fide alarm, then all the better. Knowledge is your weapon. Remember, staying a step ahead of cybercriminals requires resistance, diligence, and effort.
by Barb Reid – Back Office Geeks 05/17/2019